Certified Information Security Manager (CISM) — Question 798

Which of the following is the BEST indication of effective information security governance?

Answer options

• A. Information security is considered the responsibility of the entire information security team.
• B. Information security is integrated into corporate governance.
• C. Information security governance is based on an external security framework.
• D. Information security controls are assigned to risk owners.

Correct answer: B

Explanation

The correct answer, B, highlights that effective information security governance should be aligned with corporate governance, ensuring accountability and strategic alignment. Options A and D indicate responsibilities but do not reflect integration into corporate governance, while option C suggests reliance on external frameworks rather than internal governance practices.