Certified Information Security Manager (CISM) — Question 135

Conflicting objectives are MOST likely to compromise the effectiveness of the information security process when information security management is:

Answer options

• A. partially staffed by external security consultants
• B. combined with the change management function
• C. reporting to the network infrastructure manager
• D. outside of information technology

Correct answer: C

Explanation

The correct answer is C because when information security management reports to the network infrastructure manager, it may prioritize network concerns over security, leading to conflicting objectives. Options A and B do not inherently create such conflicts, and option D, while potentially problematic, does not directly indicate a compromise between objectives as clearly as option C does.