Exam CISM topic 1 question 604 discussion

D. Obtaining management commitment is the MOST helpful activity to support compliance with information security policy. Information security policies and standards set the framework for protecting sensitive information and managing security risks within an organization. However, it is the management's commitment to enforcing these policies and ensuring they are implemented effectively that is crucial to ensuring compliance.

A. Conducting information security awareness programs. Obtaining management commitment is essential for overall security success, but it's awareness programs that have the most direct impact on ensuring employees follow security policies.

A - ensures that all employees understand the information security policies, their importance, and how to comply with them. This ongoing education helps to create a culture of security within the organization, making it more likely that policies will be followed consistently. D is important too but does not directly address the day-to-day compliance with security policies by all employees.

A- activity that supports compliance.

A is the best choice here

"Activity" is the key word. Management support is not activity, but conducting security awareness trainings is. Besides, that security trainings help with everyone (and their activities) staying in compliance with security policies.

A. Conducting information security awareness programs ........obtaining management commitment is important but that as directly related an activity as awareness training. In the context of the question, A is the best answer.

A Its asking what Activity

A, Its asking for what activity ?

A. Conducting information security awareness programs

YES IS THE D