CISM Certified Information Security Manager – Question0735 - CISM Certified Information Security Manager

Which of the following is generally considered a fundamental component of an information security program?

A. Role-based access control systems
B. Automated access provisioning
C. Security awareness training
D. Intrusion prevention systems (IPSs)

Correct Answer: C

Explanation:

Explanation: Without security awareness training, many components of the security program may not be effectively implemented. The other options may or may not be necessary, but are discretionary.