Exam CISM topic 1 question 168 discussion

Actual exam question from Isaca's CISM
Question #: 168
Topic #: 1

To set security expectations across the enterprise, it is MOST important for the information security policy to be regularly reviewed and endorsed by:

  • A. security administrators.
  • B. senior management.
  • C. the chief information security officer (CISO).
  • D. the IT steering committee.
Suggested Answer: B

Comments

dark_3k03r
Highly Voted 2 months ago
Selected Answer: B
Summary of responsibilities as it concerns policies:
- CISO is responsible for overseeing the creation of policies
- InfoSec Governance is responsible for creating policies
- Senior Management is responsible for reviewing and endorsing.
- IT Steering Committee is responsible for approving policies.
- Security Administrators implement and enforce the policies
upvoted 6 times
...
wello
Most Recent 1 month, 1 week ago
Selected Answer: B
Senior Mgt.
upvoted 1 times
...
richck102
1 month, 1 week ago
B. senior management.
upvoted 1 times
...
dark_3k03r
3 months ago
Selected Answer: B
The correct answer is B because the information security policy should be reviewed and endorsed by the organization's senior management. This is because senior management is responsible for the overall security of the organization and for ensuring that the information security policy is aligned with the organization's business goals. Also, endorsing it gives it the authority and weight that it needs to be effective. (A) is incorrect because security administrators apply the enforcement but don't write the policy. (C) is incorrect because this isn't inclusive. (D) is incorrect because this doesn't span multiple departments.
upvoted 2 times
...
Prospect57
5 months, 3 weeks ago
Selected Answer: B
B is my choice. "IT" in the "IT Steering Committee" is what was throwing me off. I was going to select this, but then realized that. If it was the "Security Steering Committee," I believe this would have been the answer. Concurring with Baranikumar_v below.
upvoted 1 times
...
aokisan
6 months, 2 weeks ago
Selected Answer: D
committee approved security policy.
upvoted 2 times
baranikumar_v
6 months, 2 weeks ago
D. IT steering committee is incorrect. The key word here is "IT". A person from the IT team would be part of the Security Steering Committee. However, the IT steering committee would not be the right group of members to approve the security policy.
upvoted 5 times
...
...