Certified Information Security Manager (CISM) — Question 405

The PRIMARY goal of information security governance is to:

Answer options

• A. reduce risk to an acceptable level.
• B. align with business processes.
• C. align with business objectives.
• D. establish a security strategy.

Correct answer: C

Explanation

The correct answer is C because the primary aim of information security governance is to ensure that security initiatives are aligned with the overall business objectives to support the organization's mission. Options A, B, and D, while relevant to security management, do not capture the core goal of aligning security with business objectives.