Certified Information Security Manager (CISM) — Question 581

The MAIN purpose of documenting information security guidelines for use within a large, international organization is to:

Answer options

• A. explain the organization's preferred practices for security.
• B. ensure that all business units have the same strategic security goals.
• C. ensure that all business units implement identical security procedures.
• D. provide evidence for auditors that security practices are adequate.

Correct answer: A

Explanation

The correct answer is A because documenting security guidelines primarily serves to outline the organization's preferred security practices, which helps in maintaining consistency across the organization. Options B and C focus on alignment and uniformity, which are important but not the main purpose of documentation. Option D, while relevant for compliance, is not the primary intent of creating these guidelines.