Free ISACA CISM Actual Exam Questions - Question 10 Discussion

I’m thinking option B might have a stronger case here. Training directly engages staff and helps them understand why the policies matter, which can build acceptance from the ground up. Management support is important, but if employees don’t get what’s expected of them through training, acceptance could still lag. Could training alone really drive better buy-in than visible management backing though?

It’s A because when senior management visibly supports security policies, employees take them more seriously. Without that tone from the top, even good training or funding might not get staff on board.

D imo. Without enough funding, even strong policies or training can fall flat since resources to implement them won’t be there. Money often drives the practical side of acceptance.

B imo, training directly engages staff and boosts understanding more than just top-level support.

A imo, but does the question specify the size or type of organization? That might affect which factor really drives staff acceptance.