CISM Certified Information Security Manager – Question0144

Which of the following is the MOST appropriate board-level activity for information security governance?

A.
Establish security and continuity ownership
B. Develop “what-if” scenarios on incidents
C. Establish measures for security baselines
D. Include security in job-performance appraisals

Correct Answer: A