Certified Information Security Manager (CISM) — Question 382

When supporting an organization's privacy officer which of the following is the information security manager's PRIMARY role regarding privacy requirements?

Answer options

• A. Ensuring appropriate controls are in place
• B. Monitoring the transfer of private data
• C. Determining data classification
• D. Conducting privacy awareness programs

Correct answer: A

Explanation

The primary role of the information security manager is to ensure that the appropriate controls are implemented to protect privacy requirements. While monitoring data transfer, classifying data, and conducting awareness programs are important, they fall under secondary responsibilities compared to establishing robust controls.