Certified Information Security Manager (CISM) — Question 478
The PRIMARY reason for defining the information security roles and responsibilities of staff throughout an organization is to:
Answer options
- A. comply with security policy.
- B. increase corporate accountability.
- C. enforce individual accountability.
- D. reinforce the need for training.
Correct answer: C
Explanation
The correct answer is C: defining roles ensures that individuals are held accountable for their specific security tasks. Options A, B, and D are important aspects of security management, but they do not directly address the need for individual responsibility, which is crucial for effective security practices.