Certified Information Security Manager (CISM) — Question 689

Which of the following is the PRIMARY benefit of implementing an information security governance framework?

Answer options

• A. The framework provides a roadmap to maximize revenue through the secure use of technology.
• B. The framework is able to confirm the validity of business goals and strategies.
• C. The framework defines managerial responsibilities for risk impacts to business goals.
• D. The framework provides direction to meet business goals while balancing risks and controls.

Correct answer: D

Explanation

The correct answer is D because the primary benefit of an information security governance framework is to guide organizations in achieving their business objectives while effectively managing risks and controls. Options A, B, and C, while relevant, do not capture the essence of balancing business goals with risk management as comprehensively as option D does.