
CISM Question #703: Real Exam Question with Answer & Explanation

The correct answer is B: To gain acceptance of the policy across the organization.

Submitted by omar99 · Apr 18, 2026 · Information Security Governance

Question

Which of the following is the PRIMARY reason to involve stakeholders from various business units when developing an information security policy?

Options

  • A. To share responsibility for addressing security breaches
  • B. To gain acceptance of the policy across the organization
  • C. To decrease the workload of the IT department
  • D. To reduce the overall cost of policy development

Explanation

Gaining acceptance of the policy across the organization is the primary reason for cross-functional involvement. Policies developed in isolation by IT or security teams often face resistance, workarounds, or non-compliance because stakeholders feel the policy was imposed on them without understanding their business context. When business unit representatives participate in policy development, they develop ownership, the policy accounts for real-world operational needs, and adoption rates increase significantly. Option A (sharing responsibility for breaches) is not a valid policy development goal. Option C (decreasing IT workload) is a potential side effect but not the reason for stakeholder involvement. Option D (reducing cost) may occur incidentally but is not the primary driver.

Topics

#Stakeholder Involvement · #Policy Development · #Organizational Acceptance · #Governance Principles
