CISM Certified Information Security Manager – Question1475

Executive leadership has decided to engage a consulting firm to develop and implement a comprehensive security framework for the organization to allow senior management to remain focused on business priorities. Which of the following poses the GREATEST challenge to the successful implementation of a new security governance framework?

A.
Information security management does not fully accept the responsibility for information security governance.
B. Executive leadership views information security governance primarily as a concern of the information security management team.
C. Information security staff has little or no experience with the practice of information security governance.
D. Executive leadership becomes involved in decisions about information security governance.

Correct Answer: A