CISM Certified Information Security Manager – Question0017

Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing:

A. organizational risk.
B. organization-wide metrics.
C. security needs.
D. the responsibilities of organizational units.

Correct Answer: A

Explanation:
Information security exists to help the organization meet its objectives. The information security manager should identify information security needs based on organizational needs. Organizational or business risk should always take precedence. Involving each organizational unit in information security and establishing metrics to measure success will be viewed favorably by senior management after the overall organizational risk is identified.