Certified Information Security Manager (CISM) — Question 988

To improve an organization's information security culture, it is MOST important for senior management to:

Answer options

• A. participate in security training.
• B. review security budget and resources.
• C. demonstrate good security practices.
• D. approve security policies.

Correct answer: C

Explanation

The correct answer is C because when senior management demonstrates good security practices, it sets a positive example for the rest of the organization, reinforcing the importance of security. Options A, B, and D are supportive actions but do not have the same direct impact on influencing the overall culture as demonstrating good practices does.