Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
Which of the following is the reason the CISO has not been able to advance the security agenda in this organization?
A . Lack of business continuity process
B . Lack of identification of technology stake holders
C . Lack of a security awareness program
D . Lack of influence with leaders outside IT
Answer: D