Certified Information Security Manager (CISM) — Question 440
Which of the following is the PRIMARY purpose of establishing an information security governance framework?
Answer options
- A. To proactively address security objectives
- B. To reduce security audit issues
- C. To enhance business continuity planning
- D. To minimize security risks
Correct answer: A
Explanation
The correct answer is A, as the primary aim of an information security governance framework is to set and achieve security objectives proactively. While options B, C, and D are important aspects of security, they serve as secondary benefits rather than the primary focus of establishing such a framework.