Certified Information Security Manager (CISM) — Question 1177
Which of the following is the BEST way to align security and business strategies?
Answer options
- A. Establish key performance indicators (KPIs) for the business.
- B. Integrate information security governance into corporate governance.
- C. Ensure the information security program conforms to industry standards.
- D. Include security risk as part of ongoing metrics reporting.
Correct answer: B
Explanation
The correct answer is B: embedding information security governance into the overall corporate governance framework ensures alignment with business strategies. Options A, C, and D are beneficial for security management, but they do not align security with business objectives as directly or as effectively as integrating governance does.