Certified Information Security Manager (CISM) — Question 71

Which of the following is a PRIMARY responsibility of the information security governance function?

Answer options

• A. Administering information security awareness training
• B. Advising senior management on optimal levels of risk appetite and tolerance
• C. Defining security strategies to support organizational programs
• D. Ensuring adequate support for solutions using emerging technologies

Correct answer: C

Explanation

The correct answer is C because defining security strategies is essential for aligning security measures with organizational goals. Options A and D are more operational and tactical in nature, while B, although important, pertains to advisory roles rather than governance responsibilities.