Certified Information Security Manager (CISM) — Question 1150

Which of the following is the BEST indication of effective information security governance?

Answer options

• A. Comprehensive security policies reflect organizational objectives.
• B. Information security is integrated into organizational processes.
• C. The information security program follows industry best practices.
• D. An information security risk register is maintained.

Correct answer: B

Explanation

The correct answer, B, indicates that information security is a fundamental part of the organization's operations, ensuring that security measures are consistently applied. While options A, C, and D are important aspects of security governance, they do not fully demonstrate the integration of security into the organization's core processes as effectively as option B does.