CISM Certified Information Security Manager – Question0696

After adopting an information security framework, an information security manager is working with senior management to change the organization-wide perception that information security is solely the responsibility of the information security department. To achieve this objective, what should be the information security manager's FIRST initiative?

A.
Develop an operational plan providing best practices for information security projects.
B. Develop an information security awareness campaign with senior management's support.
C. Document and publish the responsibilities of the information security department.
D. Implement a formal process to conduct periodic compliance reviews.

Correct Answer: B