Certified Information Security Manager (CISM) — Question 179

Which of the following BEST enables effective information security governance?

Answer options

• A. Security-aware corporate culture
• B. Advanced security technologies
• C. Periodic vulnerability assessments
• D. Established information security metrics

Correct answer: A

Explanation

A security-aware corporate culture is crucial because it promotes awareness and proactive behavior among employees, which is essential for effective governance. While advanced technologies, vulnerability assessments, and metrics are important, they are not as foundational as a culture that prioritizes security across the organization.