Isaca
CISM · Question #125
CISM Question #125: Real Exam Question with Answer & Explanation
The correct answer is A: Implementing security awareness programs. Security awareness programs are the most effective way to communicate information security responsibilities broadly and repeatedly across an organization, fostering a culture of security.
Submitted by ashley.k · Apr 18, 2026
Information Security Program Development and Management
Question
Which of the following is the MOST effective way to convey information security responsibilities across an organization?
Options
- A. Implementing security awareness programs
- B. Defining information security responsibilities in the security policy
- C. Developing a skills matrix
- D. Documenting information security responsibilities within job descriptions
Explanation
Security awareness programs are the most effective way to communicate information security responsibilities broadly and repeatedly across an organization, fostering a culture of security.
Common mistakes.
- B. While defining responsibilities in a security policy is crucial, policies alone are often not read or understood by all employees without supplementary communication.
- C. A skills matrix identifies necessary skills for roles but doesn't primarily convey security responsibilities to all employees.
- D. Documenting responsibilities in job descriptions is important for specific roles but does not effectively communicate general information security duties to the entire workforce.
Concept tested. Security awareness and training effectiveness
Topics
#Security Awareness #Employee Responsibilities #Communication #Security Program Management