CISM Certified Information Security Manager – Question 1118

Who is responsible for raising awareness of the need for adequate funding for risk action plans?

A. Chief information officer (CIO)
B. Chief financial officer (CFO)
C. Information security manager
D. Business unit management

Correct Answer: C

Explanation:

The information security manager is responsible for raising awareness of the need for adequate funding for risk-related action plans. Even though the chief information officer (CIO), chief financial officer (CFO) and business unit management are involved in the final approval of fund expenditure, it is the information security manager who has the ultimate responsibility for raising awareness.