CISM Certified Information Security Manager – Question0134

What is the MOST important factor in the successful implementation of an enterprise wide information security program?

A.
Realistic budget estimates
B. Security awareness
C. Support of senior management
D. Recalculation of the work factor

Correct Answer: C

Explanation:

Explanation:
Without the support of senior management, an information security program has little chance of survival. A company’s leadership group, more than any other group, will more successfully drive the program. Their authoritative position in the company is a key factor. Budget approval, resource commitments, and companywide participation also require the buy-in from senior management. Senior management is responsible for providing an adequate budget and the necessary resources. Security awareness is important, but not the most important factor. Recalculation of the work factor is a part of risk management.