Exam CISM topic 1 question 51 discussion

B makes for me more sense...since A is a part of B since when you are complaint obviosly you have defined roles responsibilities and accountability.

The primary responsibility of an information security governance program is to establish accountability within the organization. By defining clear roles, responsibilities, and expectations, the organization ensures that information security is managed proactively and effectively, aligned with business objectives, and capable of adapting to new threats and challenges.

A. While compliance with audit requirements, tactical solutions, and monitoring security incidents are all important aspects of information security management, they are best addressed within the context of a well-structured information security governance program. Accountability, strategic alignment, and proactive risk management are key drivers of effective information security governance.

Information security governance involves the development and implementation of a framework that ensures accountability for information security at all levels of the organization. This includes defining roles, responsibilities, and decision-making processes related to information security. By establishing accountability, organizations can create a structured approach to managing and protecting their information assets. While compliance with audit requirements (option B), creation of tactical solutions (option C), and monitoring of security incidents (option D) are important aspects of information security, the establishment of accountability through a governance program is foundational. It provides a structured and strategic approach to managing information security that aligns with business objectives and ensures that responsibilities are clearly defined throughout the organization.

A. While compliance with audit requirements, tactical solutions, and monitoring security incidents are all important aspects of information security management, they are best addressed within the context of a well-structured information security governance program. Accountability, strategic alignment, and proactive risk management are key drivers of effective information security governance.

To me it would be a compliance issue first, then the governance brings accountability

B. Compliance with audit requirements

A. Right? Governance = accountability...really it doesn't but this is the best answer.