Certified Information Security Manager (CISM) — Question 744
Which of the following should be the MOST important consideration when establishing information security policies for an organization?
Answer options
- A. Job descriptions include requirements to read security policies.
- B. Senior management supports the policies.
- C. The policies are aligned to industry best practices.
- D. The policies are updated annually.
Correct answer: B
Explanation
The correct answer is B: senior management's backing is the most important consideration because that support is crucial for effective implementation of, and compliance with, the security policies. Options A, C, and D, while important, are secondary to strong leadership support, which drives the overall security culture within the organization.