Certified Information Security Manager (CISM) — Question 397

Information security awareness programs are MOST effective when they are:

Answer options

• A. sponsored by senior management.
• B. reinforced by computer-based training.
• C. customized for each target audience.
• D. conducted at employee orientation.

Correct answer: A

Explanation

The correct answer is A because when senior management sponsors the program, it emphasizes the importance of security culture within the organization. Options B, C, and D, while beneficial, do not carry the same weight of authority and commitment that comes from leadership involvement.