Certified Information Security Manager (CISM) — Question 1224

Which of the following is the GREATEST benefit of effective information security governance?

Answer options

• A. Treatment priorities are based on risk exposure.
• B. Information security standards are communicated to primary stakeholders.
• C. The information security budget is aligned to the organization.
• D. Executive management's strategy is aligned to the information security strategy.

Correct answer: A

Explanation

The greatest benefit of effective information security governance is that it ensures treatment priorities are determined by assessing risk exposure, which helps organizations allocate resources effectively. While the other options are important for maintaining security policies and budgets, they do not directly address the prioritization of security measures based on risk, which is crucial for protecting assets.