Certified Information Security Manager (CISM) — Question 379
Which of the following information security activities is MOST helpful to support compliance with information security policy?
Answer options
- A. Conducting information security awareness programs
- B. Creating monthly trend metrics
- C. Performing periodic IT reviews on new system acquisitions
- D. Obtaining management commitment
Correct answer: A
Explanation
Running information security awareness sessions is crucial because it educates employees about policies and procedures, which promotes compliance. Generating reports and conducting assessments are valuable, but they do not directly engage employees in understanding and adhering to security policies. Securing management support is important, but without awareness programs, compliance efforts may have limited effect.