nerdexam
(ISC)2

CISSP · Question #533

Which of the following MUST an organization do to effectively communicate is security strategy to all affected parties?

The correct answer is D. Remove potential communication barriers.. Effective communication of a security strategy requires eliminating obstacles that prevent the message from reaching all affected parties. Removing communication barriers is the foundational requirement that enables all other communication efforts to succeed.

Submitted by jaden.t· Mar 5, 2026Security and Risk Management

Question

Which of the following MUST an organization do to effectively communicate is security strategy to all affected parties?

Options

  • AInvolve representatives from each key organizational area.
  • BProvide regular updates to the board of directors.
  • CNotify staff of changes to the strategy.
  • DRemove potential communication barriers.

How the community answered

(26 responses)
  • A
    8% (2)
  • C
    4% (1)
  • D
    88% (23)

Why each option

Effective communication of a security strategy requires eliminating obstacles that prevent the message from reaching all affected parties. Removing communication barriers is the foundational requirement that enables all other communication efforts to succeed.

AInvolve representatives from each key organizational area.

Involving representatives from key organizational areas is a best practice for developing a security strategy, but it addresses governance and input-not the actual communication of the strategy to all affected parties.

BProvide regular updates to the board of directors.

Providing regular updates to the board of directors addresses upward reporting to a specific stakeholder group, but does not ensure the strategy is effectively communicated to all affected parties across the organization.

CNotify staff of changes to the strategy.

Notifying staff of changes is a reactive and partial communication activity that only addresses updates to an existing strategy, not the broader requirement of effectively communicating the strategy to all affected parties.

DRemove potential communication barriers.Correct

Removing potential communication barriers is the prerequisite for any successful security strategy communication, as barriers such as language differences, lack of access, organizational silos, or technical jargon can prevent the message from reaching all affected parties. Without addressing these barriers first, even well-intentioned efforts like updates or notifications will fail to reach their intended audience. This is a core principle in security awareness and communication frameworks, ensuring the strategy is universally understood and actionable.

Concept tested: Security strategy communication and barrier removal

Source: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-6/effective-communication-of-information-security-strategy

Topics

#security awareness#security communication#organizational security strategy

Community Discussion

No community discussion yet for this question.

Full CISSP Practice