Certified Information Security Manager (CISM) — Question 746

Which of the following is the BEST indication of a successful information security culture?

Answer options

• A. The budget allocated for information security is sufficient
• B. End users know how to identify and report incidents
• C. Individuals are given roles based on job functions
• D. Penetration testing is done regularly and findings remediated

Correct answer: B

Explanation

The correct answer, B, emphasizes the importance of end users' ability to identify and report incidents, which is crucial for a strong security culture. While options A, C, and D are important aspects of security, they do not directly reflect the active participation and awareness of users, which is vital for a successful information security environment.