Certified Information Security Manager (CISM) — Question 1237

Which of the following groups is MOST important to involve in the development of information security procedures?

Answer options

• A. Audit management
• B. Senior management
• C. End users
• D. Operational units

Correct answer: D

Explanation

Involving Operational units is crucial as they are the ones who implement and follow the security procedures on a daily basis, making their input essential for practical and effective security measures. While Senior management, Audit management, and End users also play important roles, they do not have the same level of direct impact on the daily execution of security procedures as Operational units do.