Certified Information Security Manager (CISM) — Question 766
Which of the following is the MOST important reason to implement information security governance?
Answer options
- A. To align the security strategy with the organization’s strategy
- B. To monitor the performance of information security resources
- C. To monitor the achievement of business goals and objectives
- D. To provide adequate resources to achieve business goals
Correct answer: A
Explanation
The most important reason to implement information security governance is to ensure that the security strategy aligns with the organization’s overall strategy (option A). The other options, while important, concern monitoring and resource allocation rather than directly aligning security with organizational goals.