Certified Information Security Manager (CISM) — Question 1072

Which of the following is the MOST important goal of an information security program?

Answer options

• A. Optimizing resources
• B. Reducing risk factors
• C. Managing controls
• D. Enhancing business decision making

Correct answer: B

Explanation

The correct answer is B, as the main aim of an information security program is to minimize risks that could potentially compromise the confidentiality, integrity, and availability of information. While optimizing resources, managing controls, and enhancing decision-making are important, they are secondary to the fundamental goal of reducing risk factors.