Certified Information Security Manager (CISM) — Question 547

The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:

Answer options

• A. the board of directors.
• B. the information security officer.
• C. the steering committee.
• D. the internal audit manager.

Correct answer: A

Explanation

The board of directors holds the ultimate responsibility for overseeing the organization's information security objectives, ensuring they align with overall business goals. While the information security officer, steering committee, and internal audit manager have important roles, their responsibilities are part of a larger framework overseen by the board.