CISM Question #381: Real Exam Question with Answer & Explanation

The correct answer is C: protect the company brand.. The primary driver for a social media policy is protecting the company brand. Employees posting inappropriate, confidential, or misleading content can cause immediate and lasting reputational damage. Preventing malware spread (A) is a concern but is better addressed through techn

Submitted by certguy· Apr 18, 2026Information Security Governance

Question

The MOST important reason for an organization to establish a social media policy is to:

Options

Aprevent the spread of malware.
Bincrease employee productivity.
Cprotect the company brand.
Dmonitor employee activity on the Internet.

Explanation

The primary driver for a social media policy is protecting the company brand. Employees posting inappropriate, confidential, or misleading content can cause immediate and lasting reputational damage. Preventing malware spread (A) is a concern but is better addressed through technical controls, not a social media policy. Increasing productivity (B) may be a side benefit but is not the core security or business reason. Monitoring employee internet activity (D) is a secondary capability and raises legal/ethical concerns. Brand protection encompasses legal liability, public trust, and competitive standing, making it the most critical organizational concern addressed by a social media policy.

Topics

#Social Media Policy#Brand Protection#Policy Objectives#Reputational Risk

Community Discussion

No community discussion yet for this question.

Full CISM Practice Browse All CISM Questions