Certified Information Security Manager (CISM) — Question 1073

The PRIMARY reason for senior management to monitor information security metrics is to ensure:

Answer options

• A. alignment of the information security budget to corporate funding.
• B. alignment of information security with corporate governance.
• C. alignment of security and IT objectives.
• D. alignment with risk mitigation efforts.

Correct answer: B

Explanation

The correct answer is B because senior management needs to ensure that information security aligns with corporate governance to maintain compliance and strategic direction. Options A, C, and D, while important, do not address the overarching governance aspect that is critical for senior leadership's oversight.