Certified Information Security Manager (CISM) — Question 869

An organization is strategizing on how to improve security awareness. Which of the following is MOST important to consider when developing this strategy?

Answer options

• A. Technical solutions for delivery
• B. Cost to implement
• C. Organizational culture
• D. Organizational maturity

Correct answer: C

Explanation

The correct answer is C, as understanding the organizational culture is crucial to ensure that security awareness initiatives resonate with employees and are effectively adopted. While technical solutions, costs, and maturity are important, they are secondary to aligning the strategy with the existing culture to promote engagement and compliance.