Certified Information Security Manager (CISM) — Question 293

Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?

Answer options

• A. Review and update existing security policies.
• B. Enforce passwords and data encryption on the devices.
• C. Conduct security awareness training.
• D. Require remote wipe capabilities for devices.

Correct answer: A

Explanation

The primary responsibility of an information security manager is to ensure that security policies are current and effective, especially when new technologies like mobile devices are introduced. While enforcing passwords, conducting training, and requiring remote wipe capabilities are important tasks, they fall under the broader scope of policy implementation and management, which is the focus of option A.