Certified Information Security Manager (CISM) — Question 996

An international organization with remote branches is implementing a corporate security policy for managing personally identifiable information (PII). Which of the following should be the information security manager's MAIN concern?

Answer options

• A. Data backup strategy
• B. Organizational reporting structure
• C. Local regulations
• D. Consistency in awareness programs

Correct answer: C

Explanation

The main concern of the information security manager should be local regulations because compliance with laws governing PII is crucial for avoiding legal issues. While data backup strategies, organizational reporting structures, and awareness programs are important, they do not directly address the legal requirements that vary by location.