CISM Certified Information Security Manager – Question0703

What is the PRIMARY role of the information security program?

A.
To develop and enforce a set of security policies aligned with the business
B. To educate stakeholders regarding information security requirements
C. To perform periodic risk assessments and business impact analyses (BIAs)
D. To provide guidance in managing organizational security risk

Correct Answer: A