Certified Information Security Manager (CISM) — Question 223

To set security expectations across the enterprise, it is MOST important for the information security policy to be regularly reviewed and endorsed by:

Answer options

• A. security administrators.
• B. senior management.
• C. the chief information security officer (CISO).
• D. the IT steering committee.

Correct answer: B

Explanation

The correct answer is B, senior management, because their endorsement ensures that the security policy aligns with the overall business objectives and has the necessary authority for implementation. While security administrators, the CISO, and the IT steering committee all play important roles, their influence is often limited without senior management's backing.