CISM Certified Information Security Manager – Question1103

To ensure that all information security procedures are functional and accurate, they should be designed with the involvement of:

A.
end users.
B. legal counsel.
C. operational units.
D. audit management.

Correct Answer: C

Explanation:

Explanation:
Procedures at the operational level must be developed by or with the involvement of operational units that will use them. This will ensure that they are functional and accurate. End users and legal counsel are normally not involved in procedure development. Audit management generally oversees information security operations but does not get involved at the procedural level.