Certified Information Security Manager (CISM) — Question 1205

Which of the following is the MOST important success factor for maintaining an organizational security-aware culture?

Answer options

• A. Senior management sign-off on security projects and resources
• B. Regular security training and simulation exercises
• C. Regular organization-wide reporting on the risk profile
• D. Employee security policy acknowledgment

Correct answer: B

Explanation

Regular security training and simulation exercises are crucial because they actively engage employees in understanding and practicing security protocols, enhancing their awareness. While senior management support, reporting on risk, and policy acknowledgment are important, they do not directly influence employee behavior and awareness as effectively as hands-on training does.