Certified Information Security Manager (CISM) — Question 695
The PRIMARY purpose of an information security governance framework is to ensure that the information security strategy is an extension of:
Answer options
- A. organizational strategies.
- B. information technology strategies.
- C. formal enterprise architecture.
- D. approved business cases.
Correct answer: A
Explanation
The correct answer, A, indicates that the information security strategy should be integrated with the overarching organizational strategies to be effective. Options B, C, and D focus on specific aspects that may not encompass the broader objectives of the organization as a whole.