An information security manager learns that IT personnel are not adhering to the information security policy because it creates process inefficiencies. What should the information security manager do FIRST?
A. Propose that IT update information security policies and procedures.
B. Request that internal audit conduct a review of the policy development process.
C. Conduct user awareness training within the IT function.
D. Determine the risk related to noncompliance with the policy.
D. Determine the risk related to noncompliance with the policy.
Before making any changes to policies or conducting training, it's essential to understand the potential impact of noncompliance. Once the risks are assessed, the information security manager can make informed decisions about how to address the issue effectively. This step is crucial for ensuring that any actions taken align with the organization's security goals and priorities.
upvoted 3 times