CISM Question #695: Real Exam Question with Answer & Explanation

The correct answer is D: Communicate and enforce security policies.

Submitted by tyler.j · Apr 18, 2026 · Information Security Governance

Question

Which of the following is the MOST effective way to influence organizational culture to align with security guidelines?

Options

  • A. Adhere to regulatory requirements
  • B. Conduct security awareness programs
  • C. Document and distribute security procedures
  • D. Communicate and enforce security policies

Explanation

Communicating and enforcing security policies is the most effective way to shape organizational culture because it combines awareness with accountability. Culture is ultimately driven by behavior, and behavior changes when expectations are clearly communicated AND there are consequences for non-compliance. Option A (regulatory adherence) is reactive and externally driven, not a cultural driver. Option B (awareness programs) educates but lacks enforcement teeth. Option C (documenting and distributing procedures) is necessary but insufficient on its own; documentation without enforcement does not change behavior. Enforcement signals that security is a genuine organizational priority, which is what shifts culture.

Topics

#Organizational Culture #Security Policies #Policy Enforcement #Security Governance
