Certified Information Security Manager (CISM) — Question 392

Which of the following is the MOST important reason for an organization to develop an information security governance program?

Answer options

• A. Establishment of accountability
• B. Compliance with audit requirements
• C. Creation of tactical solutions
• D. Monitoring of security incidents

Correct answer: A

Explanation

The most crucial reason for developing an information security governance program is to establish accountability, ensuring that roles and responsibilities regarding security are clearly defined. While compliance, tactical solutions, and monitoring are important aspects, they do not provide the foundational structure that accountability offers, which is essential for effective governance.