Certified Information Security Manager (CISM) — Question 1085
Which of the following is MOST important to include in an enterprise information security policy?
Answer options
- A. Acceptable use
- B. Security objectives
- C. Security metrics
- D. Audit trail review requirements
Correct answer: B
Explanation
The correct answer is B, as security objectives provide a clear framework and direction for the organization's information security efforts. While acceptable use, security metrics, and audit trail review requirements are important, they support the overarching security objectives rather than define them.