Certified in Risk and Information Systems Control (CRISC) — Question 769

The MOST important objective of information security controls is to:

Answer options

• A. enforce strong security solutions.
• B. identify threats and vulnerabilities.
• C. provide measurable risk reduction.
• D. ensure alignment with industry standards.

Correct answer: C

Explanation

The correct answer, C, emphasizes the need for measurable risk reduction, which is central to effective information security. Options A and B are important but are means to achieving risk reduction rather than objectives themselves. Option D focuses on compliance, which is also vital but secondary to the primary goal of mitigating risk.