Certified Information Security Manager (CISM) — Question 133

Which of the following should be the PRIMARY outcome of an information security program?

Answer options

• A. Threat reduction
• B. Strategic alignment
• C. Risk elimination
• D. Cost reduction

Correct answer: B

Explanation

The primary outcome of an information security program is strategic alignment, as it ensures that security initiatives support the overall business objectives and strategy. Threat reduction, risk elimination, and cost reduction are important, but they should be aligned with the organization's strategic goals to be effective.