Discover why stakeholder buy-in is crucial for successful information security governance, surpassing risk management, technology alignment, and policy definition.
Question
Which of the following contributes MOST to the effectiveness of information security governance?
A. Properly managed risk
B. Alignment with technology strategy
C. Stakeholder commitment
D. A defined security policy
Answer
C. Stakeholder commitment
Explanation
C. Stakeholder commitment is the most crucial factor for effective information security governance. While other options are important, stakeholder buy-in ensures proper implementation and ongoing support for security initiatives.
- Properly managed risk (A) is vital, but it’s a component of the overall governance framework, not the driving force.
- Alignment with technology strategy (B) is important for ensuring security solutions are compatible, but it doesn’t guarantee effective governance.
- A defined security policy (D) sets the foundation, but without commitment from stakeholders, it remains a document without practical impact.
Stakeholder commitment encompasses:
- Leadership support: Executives allocate resources and prioritize security.
- Employee buy-in: Individuals understand and adhere to security policies.
- Business unit engagement: Security aligns with business objectives.
ISACA Certified Information Security Manager (CISM) certification exam practice question and answer (Q&A) dump with detailed explanation and reference, available free and helpful for passing the ISACA CISM exam and earning the ISACA CISM certification.