Certified Information Security Manager (CISM) — Question 204

Which of the following provides the BEST assurance that security policies are applied across business operations?

Answer options

• A. Organizational standards are enforced by technical controls.
• B. Organizational standards are included in awareness training.
• C. Organizational standards are required to be formally accepted.
• D. Organizational standards are documented in operational procedures.

Correct answer: A

Explanation

The correct answer, A, is effective because technical controls actively enforce security policies, ensuring compliance in real-time. Options B, C, and D, while important for awareness and adherence, do not provide the same level of active enforcement and assurance as technical controls do.