CISM Certified Information Security Manager – Question0033

The PRIMARY goal in developing an information security strategy is to:

A. establish security metrics and performance monitoring.
B. educate business process owners regarding their duties.
C. ensure that legal and regulatory requirements are met.
D. support the business objectives of the organization.

Correct Answer: D

Explanation:

The business objectives of the organization supersede all other factors. Establishing metrics and measuring performance, meeting legal and regulatory requirements, and educating business process owners are all subordinate to this overall goal.