Isaca CISM Exam - Topic 1 Question 113 Discussion

Actual exam question for Isaca's CISM exam

Question #: 113
Topic #: 1

[All CISM Questions]

Which of the following should be the PRIMARY objective of an information security governance framework?

AProvide a baseline for optimizing the security profile of the organization.

BDemonstrate senior management commitment.

CDemonstrate compliance with industry best practices to external stakeholders.

DEnsure that users comply with the organization's information security policies.

Show Suggested Answer

Suggested Answer: A

According to the Certified Information Security Manager (CISM) Study Manual, 'The primary objective of information security governance is to provide a framework for managing and controlling information security practices and technologies at an enterprise level. Its goal is to manage and reduce risk through a process of identification, assessment, and management of those risks.'

While demonstrating senior management commitment, compliance with industry best practices, and ensuring user compliance with policies are all important aspects of information security governance, they are not the primary objective. The primary objective is to manage and reduce risk by establishing a framework for managing and controlling information security practices and technologies at an enterprise level.

Certified Information Security Manager (CISM) Study Manual, 15th Edition, Page 60.

by Merri at May 31, 2026, 10:41 PM

Limited Time Offer

25%

Off

Get Premium CISM Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!