CISM Certified Information Security Manager – Question0577

Which of the following is the PRIMARY reason for executive management to be involved in establishing an enterprise’s security management framework?

A.
To determine the desired state of enterprise security
B. To establish the minimum level of controls needed
C. To satisfy auditors’ recommendations for enterprise security
D. To ensure industry best practices for enterprise security are followed

Correct Answer: A