Certified Information Security Manager (CISM) — Question 172

Which of the following is MOST important when designing an information security governance framework?

Answer options

• A. Assessing the availability of information security resources
• B. Assessing the current state of information security
• C. Aligning with the information security strategy
• D. Aligning with industry best practice frameworks

Correct answer: C

Explanation

The correct answer is C because aligning with the information security strategy ensures that the governance framework supports the organization's overall objectives and priorities. Options A and B, while important, focus on resources and current states rather than strategic alignment, and option D, although relevant, is secondary to ensuring that the governance framework directly aligns with the organization's specific information security strategy.