Certified Information Security Manager (CISM) — Question 386

Which of the following is a PRIMARY objective of an information security governance framework?

Answer options

• A. To provide the basis for action plans to achieve information security objectives organization-wide
• B. To achieve the desired information security state as defined by business unit management
• C. To align the relationships of stakeholders involved in developing and executing an information security strategy
• D. To provide assurance that information assets are provided a level of protection proportionate to their inherent risk

Correct answer: A

Explanation

The correct answer, A, highlights the framework's role in guiding the creation of action plans that support the organization's information security objectives. Options B, C, and D, while important, focus on specific aspects of security management rather than the overarching aim of establishing a basis for comprehensive action across the organization.