1.6.2 Executive Management and Information Security

Questions and Answers

What is the main responsibility of an organization’s executive management team?

• Managing the IT infrastructure
• Defining the information security program
• Providing employee training
• Ensuring regulatory compliance (correct)

What is the role of the chief information security officer (CISO) or senior cybersecurity manager?

• Defining the information security program (correct)
• Managing the organization's finances
• Providing employee training
• Implementing marketing strategies

What is expected of the cybersecurity manager in relation to the executive management team?

• Define the organization's vision
• Set the tone for cybersecurity management
• Coordinate with external stakeholders
• Act as an advisor (correct)

What does the visible involvement of executive management indicate to other managers?

The level of importance expected for risk management (A)

In what capacity does the cybersecurity manager often operate in relation to the executive management team?

Advisor (A)

What is the primary responsibility of executive management in relation to information risk management?

Set the tone for cybersecurity management within the organization (D)