B. Reducing organizational security risk should be the primary goal of an information security manager when designing information security policies. This is because the primary purpose of information security policies is to protect the organization and its assets from potential threats and risks. By reducing organizational security risk, the organization is better protected and less likely to experience security incidents that can cause damage to the organization, its reputation and its customers. While minimizing cost and improving protection of information are important considerations, they should not take precedence over reducing risk as it is the ultimate goal of the information security policies. Achieving organizational objectives should be considered as well as it will help to align the security policies with the overall goals of the organization.
When designing information security policies, the primary goal of an information security manager should be to achieve organizational objectives. This ensures that security measures are aligned with the overall goals and priorities of the organization, supporting business operations and strategic initiatives. By focusing on achieving organizational objectives, the information security manager can ensure that security policies are relevant, effective, and contribute to the success of the organization.
The right answer is D, because information security is a supporting function to achieve organizational business objectives.
The right answer is NOT B: it might be possible that all existing risks within the organization are currently rated as acceptable - hence, there is no need to reduce risk, but to maintain the healthy risk level.
Same thought goes for C.
An organization can decide to accept risks to achieving its organizational objectives. Then, the ISM's PRIMARY goal is not to minimize organizational (option B) or information (option C) risks.
I'd say it's D for two reasons:
1) ISACA tends to emphasize that the whole point of security is to support the business and business goals and objectives.
2) Security risk is actually reduced through security controls, not policies. Policies are high-level stuff that provide a general idea of what management wants to achieve.
Going to have to go with D on this one. ISACA heavily leans on aligning security goals with business objectives. And anyone using ChatGPT to help them through these questions should just take your $600 for the certification cost and throw it in the trash.
B. Reducing organizational security risk
The PRIMARY goal of an information security manager when designing information security policies should be to reduce organizational security risk. Information security policies are put in place to protect an organization's sensitive data, systems, and assets from various threats and vulnerabilities. By focusing on reducing security risks, an organization can better protect itself from potential breaches, data leaks, and other security incidents.
The PRIMARY goal of an information security manager when designing information security policies is C. Improving the protection of information. This is because the primary goal of an information security policy is to protect the confidentiality, integrity and availability of information.
Reducing risk is the purpose of the entire exercise. However, it would've been justified in the initial steps and objectives will be set based on that. Leading into the reason for the security policies, which has to align with the objectives that have been already set. The fact that they will help reduce risk is given.
The PRIMARY goal of an information security manager when designing information security policies should be to improve the protection of information. While minimizing the cost of security controls, reducing organizational security risk, and achieving organizational objectives are important considerations, the ultimate goal of information security policies is to protect the confidentiality, integrity, and availability of organizational information. By improving information protection, an organization can reduce the risk of security incidents and minimize the impact of any incidents that do occur.
Broesweelies (Highly Voted) 2 years, 1 month ago
Evedzy 1 year, 2 months ago
richck102 (Highly Voted) 1 year, 8 months ago
HN2025 (Most Recent) 1 month ago
Josef4CISM 1 month, 3 weeks ago
Booict 6 months ago
Thavee 10 months, 3 weeks ago
Salilgen 12 months ago
AlexJacobson 1 year, 1 month ago
SpaceMonkey1 1 year, 1 month ago
POWNED 1 year, 2 months ago
jcisco123 1 year, 2 months ago
wickhaarry 1 year, 5 months ago
oluchecpoint 1 year, 5 months ago
mad68 1 year, 9 months ago
Dravidian 1 year, 10 months ago
Souvik124 2 years ago