Certified Information Security Manager (CISM) — Question 272

Which of the following should be the PRIMARY goal of information security?

Answer options

• A. Business alignment
• B. Regulatory compliance
• C. Data governance
• D. Information management

Correct answer: A

Explanation

The primary goal of information security is to ensure that security practices align with business objectives, facilitating both protection and operational efficiency. While regulatory compliance, data governance, and information management are important, they serve as means to support the overarching goal of business alignment.