Certified Information Security Manager (CISM) — Question 245
Executive leadership has decided to engage a consulting firm to develop and implement a comprehensive security framework for the organization to allow senior management to remain focused on business priorities. Which of the following poses the GREATEST challenge to the successful implementation of the new security governance framework?
Answer options
- A. Executive leadership becomes involved in decisions about information security governance.
- B. Executive leadership views information security governance primarily as a concern of the information security management team.
- C. Information security staff has little or no experience with the practice of information security governance.
- D. Information security management does not fully accept the responsibility for information security governance.
Correct answer: B
Explanation
The correct answer is B because when executive leadership perceives information security governance as solely the responsibility of the information security management team, it can lead to a lack of support and resources needed for effective implementation. Options A, C, and D, while challenging, do not present as significant a barrier to the overall success of the governance framework as the lack of executive involvement indicated in B.