Certified Information Security Manager (CISM) — Question 26

A large organization is in the process of developing its information security program that involves working with several complex organizational functions. Which of the following will BEST enable the successful implementation of this program?

Answer options

• A. Security governance
• B. Security policy
• C. Security metrics
• D. Security guidelines

Correct answer: A

Explanation

Security governance provides a framework for aligning security initiatives with business goals, ensuring that all functions work cohesively towards a common security strategy. While security policies, metrics, and guidelines are important, they are components of the broader governance structure and do not provide the same level of comprehensive oversight and direction.