312-50V11 · Question #280
A security policy will be more accepted by employees if it is consistent and has the support of
The correct answer is B. executive management.. Security policies gain broader organizational acceptance and enforceability when they carry the visible backing of executive management, whose authority creates a top-down mandate for compliance.
Question
A security policy will be more accepted by employees if it is consistent and has the support of
Options
- Acoworkers.
- Bexecutive management.
- Cthe security officer.
- Da supervisor.
How the community answered
(26 responses)- A4% (1)
- B96% (25)
Why each option
Security policies gain broader organizational acceptance and enforceability when they carry the visible backing of executive management, whose authority creates a top-down mandate for compliance.
Coworker support can create a positive security culture but does not carry the authority or organizational weight needed to mandate compliance with formal policy.
Executive management sponsorship signals that security policy is an organizational priority, not just an IT recommendation, which motivates employees at all levels to comply. Without executive backing, employees may view policies as optional or low-priority. This is a foundational principle in security governance frameworks such as ISO 27001 and NIST SP 800-12, both of which require management commitment as a prerequisite to an effective security program.
The security officer is responsible for developing and advocating the policy, but lacks the cross-departmental authority that executive management holds to compel acceptance.
Supervisors can reinforce compliance within their teams, but their authority is limited in scope and does not substitute for an organization-wide executive mandate.
Concept tested: Security policy governance - executive management support
Source: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-12.pdf
Topics
Community Discussion
No community discussion yet for this question.