ISACA defines this domain as follows: “Establish and/or maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives.”
Gregory, Peter H. CISM Certified Information Security Manager Bundle (p. 49). McGraw Hill LLC. Kindle Edition.
The correct answer is D. To provide assurance that information assets are provided a level of protection proportionate to their inherent risk.
The primary objective of an information security governance framework is to provide assurance that information assets are provided a level of protection proportionate to their inherent risk. This means that the framework should establish a clear set of policies, processes, and controls that are designed to ensure that information assets are protected in a manner that is commensurate with their level of risk. The framework should be designed to provide an appropriate balance between risk and cost, taking into account the value of the assets, the likelihood of a security breach, and the potential consequences of such a breach. By ensuring that information assets are protected in a manner that is proportionate to their inherent risk, the governance framework helps to ensure that the organization's information security objectives are met in a comprehensive and cost-effective manner.
Most closely aligned with Option A. Option D mentions providing a level of protection proportionate to inherent risk; it does not talk about reducing risk to an acceptable level.
The primary objective of an information security governance framework is D. To provide assurance that information assets are provided a level of protection proportionate to their inherent risk.
While the other options mentioned, such as providing the basis for action plans (Option A), achieving the desired information security state (Option B), and aligning stakeholder relationships (Option C), are important aspects of information security governance, they are not the primary objective. The primary objective is to ensure that information assets are adequately protected based on their risk profile.
“Establish and/or maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives.”
C. To align the relationships of stakeholders involved in developing and executing an information security strategy.
An information security governance framework aims to establish a structure and processes for effectively managing and overseeing information security within an organization. It involves the alignment of various stakeholders, including senior management, business units, IT departments, and other relevant parties, to ensure that information security objectives are properly defined, implemented, and monitored.
The PRIMARY objective of an information security governance framework is to provide assurance that information assets are provided a level of protection proportionate to their inherent risk.
Community vote distribution: A (35%), C (25%), B (20%), Other
Commenters and posting times: CarlPTY07 (Highly Voted, 1 year, 7 months ago); Broesweelies (Highly Voted, 1 year, 8 months ago); sursur (Most Recent, 5 months, 2 weeks ago); Marcelus1714 (8 months, 1 week ago); AlexJacobson (8 months, 3 weeks ago); SilverFox (11 months ago); koala_lay (1 year ago); wickhaarry (1 year ago); Bl1024 (1 year ago); richck102 (1 year, 3 months ago); mad68 (1 year, 5 months ago); Souvik124 (1 year, 8 months ago).