A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes. Which of the following represents the MOST LIKELY cause of this situation?
A.
Poor audit support for the security program
B.
A lack of executive presence within the security program
C.
Poor alignment of the security program to business needs
D.
This is normal since business units typically resist security requirements
A security program that fails to align with organizational goals often faces resistance, resulting in exceptions and pressure to modify processes.
Key Indicators:
Frequent exceptions indicate a disconnect between security policies and business operations.
Alignment ensures that security is seen as an enabler, not a hindrance, to business objectives.
Why Not Other Options:
Poor audit support (A) is unrelated to the root cause of pressure for changes.
Lack of executive presence (B) affects leadership but not directly alignment issues.
Resistance from business units (D) is not normal; it suggests misalignment.
EC-Council Emphasis:
Aligning security programs with business needs is essential for reducing friction and fostering collaboration.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit