Certified Information Security Manager (CISM) — Question 614

When implementing a security policy for an organization handling personally identifiable information (PII), the MOST important objective should be:

Answer options

• A. strong encryption
• B. regulatory compliance
• C. security awareness training
• D. data availability

Correct answer: B

Explanation

The most important objective is regulatory compliance because organizations must adhere to laws and regulations that protect PII. While strong encryption, security awareness training, and data availability are important, they are secondary to ensuring compliance with relevant regulations to avoid legal repercussions.