Certified Information Security Manager (CISM) — Question 313
Which of the following should be the PRIMARY basis for determining information security objectives?
Answer options
- A. Business strategy
- B. Regulatory requirements
- C. Information security strategy
- D. Data classification
Correct answer: A
Explanation
The primary basis for determining information security objectives should be the business strategy, because aligning with it ensures that security efforts support the overall goals of the organization. While regulatory requirements, information security strategy, and data classification are important, they should not override the business's core objectives.