Certified Information Security Manager (CISM) — Question 362

Which of the following is MOST important to consider when aligning a security awareness program with the organization's business strategy?

Answer options

• A. Processes and technology
• B. People and culture
• C. Regulations and standards
• D. Executive and board directives

Correct answer: B

Explanation

The correct answer is B, as aligning a security awareness program with the organization's culture and the people involved ensures that the message resonates and leads to behavior change. While processes, regulations, and executive directives are important, they do not directly address the human element that is essential for effective security awareness.