Certified Information Security Manager (CISM) — Question 708
If an organization does not have an information security governance framework in place, which of the following would BEST facilitate the adoption of a future governance program?
Answer options
- A. Audit recommendations
- B. IT department support
- C. Information security funding
- D. Involvement of business stakeholders
Correct answer: D
Explanation
Involving business stakeholders is crucial as it ensures that the governance program aligns with organizational objectives and has the necessary buy-in from key participants. While audit recommendations, IT support, and funding are important, they do not guarantee the comprehensive integration and commitment that stakeholder involvement provides.