Certified Information Security Manager (CISM) — Question 323
Which of the following is the PRIMARY purpose of implementing information security standards?
Answer options
- A. To provide a basis for developing information security policies
- B. To provide step-by-step instructions for performing security-related tasks
- C. To provide management direction with a specific security objective
- D. To establish a minimum acceptable security baseline
Correct answer: D
Explanation
The correct answer is D. Information security standards define the minimum acceptable security baseline, so that every control and security measure across the organization meets a consistent, mandatory level, which is essential for effective and consistent risk management. Options A, B, and C describe activities related to security management (policy development, procedural instructions, and management direction), but none of them states the primary purpose of standards, which is to set that baseline.