Certified Information Security Manager (CISM) — Question 621
A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:
Answer options
- A. developing a security program that meets global and regional requirements.
- B. ensuring effective communication with local regulatory bodies.
- C. monitoring compliance with defined security policies and standards.
- D. using industry best practice to meet local legal regulatory requirements.
Correct answer: A
Explanation
The correct answer is A because the CISO needs to ensure that the overall security program encompasses both global and regional regulatory requirements, so that the organization is compliant across all locations. While options B, C, and D are important, they are secondary to developing a comprehensive security program that meets all necessary regulations.