When an organization implements an information security governance framework, it is MOST important for executive leadership to have a direct role in:
Executive leadership plays a critical role in ensuring alignment with organizational goals, risk management, and compliance. While reviewing policies and developing technical indicators are important, it is most vital for executives to approve information security standards and procedures. Their approval ensures that the standards and procedures align with the overall mission, regulatory requirements, and risk appetite of the organization.
D - approving information security standards and procedures for the organization. While direct review by executives may not occur, their approval ensures alignment with organizational goals, risk management, and compliance. This is according to CISM principles. Not sure why the answer is A.