CISM Certified Information Security Manager – Question0932

Which of the following is the MOST likely to change an organization's culture to one that is more security conscious?

A.
Adequate security policies and procedures
B. Periodic compliance reviews
C. Security steering committees
D. Security awareness campaigns

Correct Answer: D

Explanation:

Explanation:
Security awareness campaigns will be more effective at changing an organizational culture than the creation of steering committees and security policies and procedures. Compliance reviews are helpful; however, awareness by all staff is more effective because compliance reviews are focused on certain areas groups and do not necessarily educate.