CISA Certified Information Systems Auditor – Question2729 - CISA Certified Information Systems Auditor

When developing a formal enterprise security program, the MOST critical success factor (CSF) would be the:

A. establishment of a review board.
B. creation of a security unit.
C. effective support of an executive sponsor.
D. selection of a security process owner.

Correct Answer: C

Explanation:

Explanation:
The executive sponsor would be in charge of supporting the organization’s strategic security program, and would aid in directing the organization’s overall security management activities. Therefore, support by the executive level of management is the most critical success factor (CSF). None of the other choices are effective without visible sponsorship of top management.