The FIRST step to create an internal culture that focuses on information security is to:

Posted by: Pdfprep Category: CISM Tags: , ,

The FIRST step to create an internal culture that focuses on information security is to:
A . implement stronger controls.
B . conduct periodic awareness training.
C . actively monitor operations.
D . gain the endorsement of executive management.

Answer: D

Explanation:

Endorsement of executive management in the form of policies provides direction and awareness. The implementation of stronger controls may lead to circumvention. Awareness training is important, but must be based on policies. Actively monitoring operations will not affect culture at all levels.

Leave a Reply

Your email address will not be published.