Certified Information Security Manager (CISM) — Question 455
When preparing an information security policy for a global organization, how should an information security manager BEST address local legislation in multiple countries?
Answer options
- A. Rely on local interpretation of the global policy to comply with local legislation.
- B. Create a policy exception process for each country.
- C. Enforce the same global policy in every country.
- D. Establish local policies for each country that supplement the global policy.
Correct answer: D
Explanation
The correct answer is D because establishing local policies allows compliance with specific local laws while still aligning with the overall global policy. Option A is insufficient because it relies too heavily on interpretation, B creates unnecessary complexity, and C fails to accommodate local legal requirements.