Enhancing Senior Management Commitment and Support for Information Security

Best Practices for Information Security Commitment

Question

Senior management commitment and support for information security can BEST be enhanced through:

Answers

Explanations

A. B. C. D.

C.

Ensuring that security activities continue to be aligned with and support business goals is critical to obtaining senior management's support.

Although having the chief executive officer (CEO) signoff on the security policy and senior management signoff on the security strategy makes for good visibility and demonstrates good tone at the top, it is a one-time discrete event that may be quickly forgotten by senior management.

Security awareness training for employees will not have as much effect on senior management commitment.

The best way to enhance senior management commitment and support for information security is to establish a formal security policy that is sponsored by the chief executive officer (CEO). This answer is the most appropriate because it directly addresses the need for senior management to be committed to information security, and the CEO is the most senior member of management.

A formal security policy outlines the organization's approach to information security, including policies, procedures, and guidelines. It establishes the expectations and requirements for all employees, contractors, and other stakeholders with access to the organization's information assets. Senior management sponsorship of the security policy indicates their support for the policies and requirements specified within the document.

Regular security awareness training for employees is important, but it is not the best way to enhance senior management commitment and support for information security. Although security awareness training is necessary to educate employees about information security risks and how to mitigate them, it does not directly address the need for senior management sponsorship.

Periodic review of alignment with business management goals is also important for information security, but it does not necessarily enhance senior management commitment and support for information security. While it is important to align information security goals with business management goals, this does not necessarily mean that senior management is committed to information security.

Senior management signoff on the information security strategy is important, but it is not as effective as establishing a formal security policy sponsored by the CEO. While senior management signoff is necessary to ensure that the strategy is aligned with business goals and objectives, it does not necessarily indicate a commitment to information security.

In summary, the most effective way to enhance senior management commitment and support for information security is to establish a formal security policy sponsored by the CEO.