Certified Information Security Manager (CISM) — Question 915

The ability to integrate information security governance into corporate governance is PRIMARILY driven by:

Answer options

• A. the percentage of corporate budget allocated to the information security program.
• B. how often information security metrics are presented to senior management.
• C. how often the information security steering committee reviews and updates security policies.
• D. how well the information security program supports business objectives.

Correct answer: D

Explanation

The correct answer is D because the alignment of the information security program with business objectives ensures that security initiatives support the overall goals of the organization. Options A, B, and C are important but are secondary factors that do not drive the integration as fundamentally as the alignment with business objectives.