Certified Information Security Manager (CISM) — Question 246

Which of the following is the MOST important consideration when developing information security objectives?

Answer options

• A. They are regularly reassessed and reported to stakeholders
• B. They are approved by the IT governance function
• C. They are clear and can be understood by stakeholders
• D. They are identified using global security frameworks and standards

Correct answer: C

Explanation

The clarity and comprehensibility of security objectives (option C) are crucial because stakeholders need to grasp their significance to support and implement them effectively. While regular reassessment (option A), approval by governance (option B), and adherence to frameworks (option D) are important, they become less effective if the objectives themselves are not easily understood by those involved.