Certified Information Security Manager (CISM) — Question 514

Which of the following is the PRIMARY objective of integrating information security governance into corporate governance?

Answer options

• A. To align security goals with the information security program
• B. To ensure the business supports information security goals
• C. To adequately safeguard the business in achieving its mission
• D. To obtain management commitment for sustaining the security program

Correct answer: C

Explanation

The correct answer, C, highlights the importance of protecting the organization while it pursues its objectives, which is fundamental to governance. The other options focus on aligning or supporting security goals, but they do not directly address the overarching need to safeguard the business's mission.