CISA Certified Information Systems Auditor – Question2758 - CISA Certified Information Systems Auditor

In the context of effective information security governance, the primary objective of value delivery is to:

A. optimize security investments in support of business objectives.
B. implement a standard set of security practices.
C. institute a standards-based solution.
D. implement a continuous improvement culture.

Correct Answer: A

Explanation:

Explanation:
In the context of effective information security governance, value delivery is implemented to ensure optimization of security investments in support of business objectives. The tools and techniques for implementing value delivery include implementation of a standard set of security practices, institutionalization and commoditization of standards-based solutions, and implementation of a continuous improvement culture considering security as a process, not an event.