CISA Certified Information Systems Auditor – Question 2802

The PRIMARY benefit of implementing a security program as part of a security governance framework is the:

A. alignment of the IT activities with IS audit recommendations.
B. enforcement of the management of security risks.
C. implementation of the chief information security officer's (CISO) recommendations.
D. reduction of the cost for IT security.

Correct Answer: B

Explanation:

The major benefit of implementing a security program is management’s assessment of risk and its mitigation to an appropriate level of risk, and the monitoring of the remaining residual risks. Recommendations, visions and objectives of the auditor and the chief information security officer (CISO) are usually included within a security program, but they would not be the major benefit. The cost of IT security may or may not be reduced.