CISM Certified Information Security Manager – Question0149

When developing an information security governance framework, which of the following would be the MAIN impact when lacking senior management involvement?

A.
Accountability for risk treatment is not clearly defined.
B. Information security responsibilities are not communicated effectively.
C. Resource requirements are not adequately considered.
D. Information security plans do not support business requirements.

Correct Answer: C