Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda. From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO's approach to security?
A major concern about the CISO's approach to security is the lack of sponsorship from executive management. Effective information security leadership necessitates strong support from the executive team to advance security agendas, gain necessary resources, and ensure comprehensive organizational adherence to security policies. Without executive sponsorship, the CISO will face significant challenges in aligning security efforts with business objectives and leading effectively across the enterprise.
Given that this scenario pertains to the Certified Chief Information Security Officer (CCISO) exam by the EC-Council, the focus is on leadership and strategic alignment within the organization. Considering the CISO's challenges in advancing the IT security agenda, the major concern likely revolves around the broader organizational and leadership context. The Major Concern: D. Lack of sponsorship from executive management Explanation: Lack of Sponsorship from Executive Management: Effective information security leadership requires strong support and sponsorship from the executive management team. Without this backing, the CISO will struggle to advance the security agenda, gain necessary resources, and ensure organization-wide adherence to security policies and initiatives. Executive sponsorship is crucial for aligning security efforts with business goals and for empowering the CISO to lead effectively across the enterprise.
B is the answer , ciso is not aligned with business
B could be the answer from an IS/Business perspective. The CISO is not concentrating on meeting the needs of the business side.
Answer is D.
I think it should be D.