CISM Certified Information Security Manager – Question0977

A multinational organization wants to ensure its privacy program appropriately addresses privacy risk throughout its operations. Which of the following would be of MOST concern to senior management?

A.
The organization uses a decentralized privacy governance structure.
B. Privacy policies are only reviewed annually.
C. The organization does not have a dedicated privacy officer.
D. The privacy program does not include a formal training component.

Correct Answer: D