Certified Information Security Manager (CISM) — Question 903

Which of the following is MOST important for the effective implementation of an information security governance program?

Answer options

• A. Information security roles and responsibilities are documented
• B. The program budget is approved and monitored by senior management
• C. Employees receive customized information security training
• D. The program goals are communicated and understood by the organization

Correct answer: D

Explanation

The correct answer, D, highlights the importance of clear communication and understanding of program goals within the organization, which is vital for alignment and effectiveness. While A, B, and C are important aspects of an information security governance program, without effective communication of goals, those elements may not be fully realized or acted upon.