🔥 3-day streak
ISACA CISM — Certified Information Security Manager97 / 121
Question 97 of 121

A newly appointed information security manager observes that the organization's security program lacks clear separation between strategic direction-setting and day-to-day operational execution. Executives frequently make operational security decisions, while the security team independently sets risk appetite without executive input. To correct this, which distinction should the manager emphasize when redefining roles and responsibilities?

Reviewed for accuracy · Report an issueNext question