When reviewing an organization's IT governance processes, which of the following provides the BEST indication that information security expectations are being met at all levels?
A.
Achievement of established security metrics
B.
Approval of the security program by senior management
C.
Utilization of an internationally recognized security standard
D.
Implementation of a comprehensive security awareness program
While implementation of a comprehensive security awareness program (option D) is important for promoting a culture of security awareness and education among employees, it may not necessarily provide the best indication that information security expectations are being met at all levels. Security awareness programs are essential components of an organization's overall security strategy, but they primarily focus on educating and empowering employees to recognize and mitigate security risks rather than directly measuring the effectiveness of security controls and processes.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Swallows
1 month, 1 week agoChangwha
12 months ago