Certified Information Security Manager (CISM) — Question 928

Which of the following actions by senior management would BEST enable a successful implementation of an information security governance framework?

Answer options

• A. Demonstrating support for the business and information security governance functions
• B. Delegating the implementation of the framework to information security management
• C. Promoting the use of an internationally recognized governance framework
• D. Engaging a consulting firm specializing in information security governance and standards

Correct answer: A

Explanation

The correct answer, A, emphasizes the importance of management's visible support, which is crucial for fostering a culture of security within the organization. Option B is incorrect as delegating implementation without active involvement can lead to a lack of accountability. Option C, while beneficial, does not address the need for management's active support. Option D may provide expertise, but without management backing, the implementation may still falter.