Certified Information Security Manager (CISM) — Question 997

Which of the following is MOST important when developing an information security governance framework?

Answer options

• A. Ensuring alignment with the organization's risk management framework
• B. Integrating security within the system development life cycle (SDLC) process
• C. Developing policies and procedures to support the framework
• D. Developing security incident response measures

Correct answer: A

Explanation

The correct answer is A because aligning with the organization's risk management framework is essential to ensure that security efforts are prioritized according to the organization's overall risk exposure. Options B, C, and D are important components of a security governance framework but do not take precedence over the need to align with risk management, which shapes the overall security strategy.