CISA Certified Information Systems Auditor – Question1032

Which of the following is the MAIN purpose of an information security management system?

A.
To enhance the impact of reports used to monitor information security incidents
B. To reduce the frequency and impact of information security incidents
C. To identify and eliminate the root causes of information security incidents
D. To keep information security policies and procedures up-to-date

Correct Answer: B