Certified Information Security Manager (CISM) — Question 986

Which of the following is MOST important for guiding the development and management of a comprehensive information security program?

Answer options

• A. Adopting information security program management best practices
• B. Aligning the organization's business objectives with IT objectives
• C. Establishing and maintaining an information security governance framework
• D. Implementing policies and procedures to address the information security strategy

Correct answer: C

Explanation

The correct answer, C, is essential as it establishes a structured framework for decision-making and accountability in information security. While options A, B, and D are important for effective security management, they do not provide the overarching governance that is necessary to ensure a comprehensive security program is developed and maintained effectively.