CISM Certified Information Security Manager – Question0093

In implementing information security governance, the information security manager is PRIMARILY responsible for:

A. developing the security strategy.
B. reviewing the security strategy.
C. communicating the security strategy.
D. approving the security strategy.

Correct Answer: A

Explanation:

The information security manager is responsible for developing a security strategy based on business objectives with the help of business process owners. Reviewing the security strategy is the responsibility of a steering committee. The information security manager is not necessarily responsible for communicating or approving the security strategy.