Certified Information Security Manager (CISM) — Question 449

Which of the following is the MOST effective approach to ensure IT processes are performed in compliance with the information security policies?

Answer options

• A. Ensuring that key controls are embedded in the processes
• B. Providing information security policy training to the process owners
• C. Allocating sufficient resources
• D. Identifying risks in the processes and managing those risks

Correct answer: A

Explanation

The most effective approach is to embed key controls within the processes, as this directly integrates compliance into daily operations. While training process owners and allocating resources are important, they do not guarantee adherence in practice. Identifying and managing risks is also crucial, but it is reactive rather than proactive compared to embedding controls.