Certified Information Security Manager (CISM) — Question 319
Which of the following should be the PRIMARY goal of an information security manager when designing information security policies?
Answer options
- A. Minimizing the cost of security controls
- B. Reducing organizational security risk
- C. Improving the protection of information
- D. Achieving organizational objectives
Correct answer: D
Explanation
The primary aim of an information security manager should be to ensure that security policies align with and support the organization's objectives, making option D the correct choice. While minimizing costs, reducing risks, and improving protection are important, they are secondary to achieving the overarching goals of the organization.