CISA Certified Information Systems Auditor – Question0550

Which of the following should be the PRIMARY objective of an information security governance framework?

A.
Increase the organization’s return on security investment.
B. Provide a baseline for optimizing the security profile of the organization.
C. Ensure that users comply with the organization’s information security policies.
D. Demonstrate compliance with industry best practices to external stakeholders.

Correct Answer: B