Effective Information Security Management in an Organization

Demonstrating Effective Information Security Management


Question

Which of the following BEST demonstrates effective information security management within an organization?

Answers

A. Employees support decisions made by information security management.
B. Excessive risk exposure in one department can be absorbed by other departments.
C. Information security governance is incorporated into organizational governance.
D. Control ownership is assigned to parties who can accept losses related to control failure.

Correct answer: C.

The BEST demonstration of effective information security management within an organization is option C: information security governance is incorporated into organizational governance.

Explanation: Effective information security management means establishing and maintaining a comprehensive, integrated, and continuous approach to managing and protecting an organization's information assets.

Option A: "Employees support decisions made by information security management" is important, but on its own it does not demonstrate effective information security management. Employee support for security management decisions is necessary, but it is only one aspect of managing information security as a whole.

Option B: "Excessive risk exposure in one department can be absorbed by other departments" is not an effective information security management practice. Risk should be managed appropriately and proactively, not simply shifted onto other departments.

Option D: "Control ownership is assigned to parties who can accept losses related to control failure" is an important consideration, but it does not by itself demonstrate effective information security management. Having the right people own each control is essential, but this alone is not sufficient.

Option C: "Information security governance is incorporated into organizational governance" is the BEST demonstration of effective information security management. Incorporating information security governance into organizational governance makes information security a key part of the organization's overall governance framework. This shows that information security is treated as an integral part of the organization's business processes and decision-making at all levels, and it ensures that information security policies, procedures, and controls are aligned with the organization's overall objectives and strategies and are applied consistently throughout the organization.