Certified Information Security Manager (CISM) — Question 931

Which of the following MOST effectively supports an organization's security culture?

Answer options

• A. Business unit security metrics
• B. An information governance framework
• C. Stakeholder involvement
• D. A security mission statement

Correct answer: C

Explanation

Stakeholder involvement is crucial for building a strong security culture as it ensures that everyone is engaged and invested in security practices. While business unit security metrics, an information governance framework, and a security mission statement are important, they do not have the same direct impact on promoting active participation and acceptance of security measures among all members of the organization.