CISA Certified Information Systems Auditor – Question0541

The effectiveness of an information security governance framework will BEST be enhanced if:

A.
consultants review the information security governance framework
B. a culture of legal and regulatory compliance is promoted by management
C. IS auditors are empowered to evaluate governance activities
D. risk management is built into operational and strategic activities

Correct Answer: B