CISSP · Question #533
Which of the following MUST an organization do to effectively communicate is security strategy to all affected parties?
The correct answer is D. Remove potential communication barriers.. Effective communication of a security strategy requires eliminating obstacles that prevent the message from reaching all affected parties. Removing communication barriers is the foundational requirement that enables all other communication efforts to succeed.
Question
Options
- AInvolve representatives from each key organizational area.
- BProvide regular updates to the board of directors.
- CNotify staff of changes to the strategy.
- DRemove potential communication barriers.
How the community answered
(26 responses)- A8% (2)
- C4% (1)
- D88% (23)
Why each option
Effective communication of a security strategy requires eliminating obstacles that prevent the message from reaching all affected parties. Removing communication barriers is the foundational requirement that enables all other communication efforts to succeed.
Involving representatives from key organizational areas is a best practice for developing a security strategy, but it addresses governance and input-not the actual communication of the strategy to all affected parties.
Providing regular updates to the board of directors addresses upward reporting to a specific stakeholder group, but does not ensure the strategy is effectively communicated to all affected parties across the organization.
Notifying staff of changes is a reactive and partial communication activity that only addresses updates to an existing strategy, not the broader requirement of effectively communicating the strategy to all affected parties.
Removing potential communication barriers is the prerequisite for any successful security strategy communication, as barriers such as language differences, lack of access, organizational silos, or technical jargon can prevent the message from reaching all affected parties. Without addressing these barriers first, even well-intentioned efforts like updates or notifications will fail to reach their intended audience. This is a core principle in security awareness and communication frameworks, ensuring the strategy is universally understood and actionable.
Concept tested: Security strategy communication and barrier removal
Source: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-6/effective-communication-of-information-security-strategy
Topics
Community Discussion
No community discussion yet for this question.