Certified Information Security Manager (CISM) — Question 163
Which of the following is MOST important to the effectiveness of an information security program?
Answer options
- A. The program is aligned to legal and regulatory requirements
- B. The program is aligned to a security control framework
- C. Annual audits of the program are conducted
- D. Users are trained on security policies and procedures
Correct answer: D
Explanation
User training on security policies and procedures is vital because even the best security measures can fail if users are unaware of them. Aligning the program with legal requirements and security frameworks and conducting audits are all important, but without proper training, users may inadvertently compromise security protocols.