Certified Information Security Manager (CISM) — Question 873

Which of the following is MOST important to include in an information security policy?

Answer options

• A. Maturity levels
• B. Baselines
• C. Best practices
• D. Management objectives

Correct answer: D

Explanation

Management objectives are essential as they set the direction and priorities for the organization's information security efforts. While maturity levels, baselines, and best practices provide valuable frameworks and guidelines, they are secondary to having clear management objectives that align with the organization's overall goals.