CISM Certified Information Security Manager – Question0127

The FIRST step to create an internal culture that focuses on information security is to:

A. implement stronger controls.
B. conduct periodic awareness training.
C. actively monitor operations.
D. gain the endorsement of executive management.

Correct Answer: D

Explanation:

Endorsement of executive management in the form of policies provides direction and awareness. The implementation of stronger controls may lead to circumvention. Awareness training is important, but must be based on policies. Actively monitoring operations will not affect culture at all levels.