CISM Certified Information Security Manager – Question0929

The BEST way to ensure that information security policies are followed is to:

A. distribute printed copies to all employees.
B. perform periodic reviews for compliance.
C. include escalating penalties for noncompliance.
D. establish an anonymous hotline to report policy abuses.

Correct Answer: B

Explanation:

The best way to ensure that information security policies are followed is to periodically review levels of compliance. Distributing printed copies, advertising an abuse hotline or linking policies to an international standard will not motivate individuals as much as the consequences of being found in noncompliance. Escalating penalties will first require a compliance review.