Certified Information Security Manager (CISM) — Question 160

The effectiveness of an information security governance framework will BEST be enhanced if:

Answer options

• A. consultants review the information security governance framework
• B. IS auditors are empowered to evaluate governance activities
• C. a culture of legal and regulatory compliance is promoted by management
• D. risk management is built into operational and strategic activities

Correct answer: D

Explanation

The correct answer, D, emphasizes the importance of incorporating risk management into all aspects of operations and strategy, which is crucial for an effective governance framework. Options A, B, and C, while valuable, do not directly enhance the framework's effectiveness to the same degree as integrating risk management.