Certified Information Security Manager (CISM) — Question 623

Which of the following factors would have the MOST significant impact on an organization's information security governance model?

Answer options

• A. Corporate culture
• B. Outsourced processes
• C. Number of employees
• D. Security budget

Correct answer: A

Explanation

Corporate culture plays a critical role in shaping an organization's approach to information security governance, as it dictates how employees prioritize security practices. While outsourced processes, the number of employees, and security budget are important, they are secondary to the foundational influence of corporate culture on behavior and compliance.