🔥 3-day streak
ISACA CISM — Certified Information Security Manager54 / 121
Question 54 of 121

A newly appointed information security manager finds that security decisions are made informally within the IT department and are not visible to or endorsed by the enterprise's existing corporate governance structures (board committees, risk committee, and audit committee). The manager wants information security to become a sustainable part of how the organization is directed and controlled. Which action would BEST achieve this objective?

Reviewed for accuracy · Report an issueNext question