Certified Information Security Manager (CISM) — Question 203
Which of the following is MOST important to have in place to help ensure an organization's cybersecurity program meets the needs of the business?
Answer options
- A. Information security awareness training
- B. Risk assessment program
- C. Information security governance
- D. Information security metrics
Correct answer: C
Explanation
Information security governance is essential because it provides a framework for managing and directing an organization's cybersecurity efforts, ensuring alignment with business objectives. The other options are important, but they are components of a cybersecurity program rather than the overarching governance that integrates and prioritizes all security initiatives.