CISM · Question #233
CISM Question #233: Real Exam Question with Answer & Explanation
The correct answer is A: Alignment of information security strategy with organizational goals.
Question
Which of the following is the GREATEST benefit of integrating information security governance into corporate governance?
Options
- A. Alignment of information security strategy with organizational goals
- B. Consistent enforcement of information security policies organization-wide
- C. Improved information security and risk management outcomes
- D. Streamlined information security program implementation and maintenance
Explanation
The primary purpose of integrating information security governance into corporate governance is to ensure that security decisions, investments, and priorities directly support the organization's overall business objectives. Without this integration, security operates in a silo, potentially misallocating resources or creating friction with business goals. Consistent policy enforcement, improved risk outcomes, and streamlined implementation are all valuable benefits, but they are downstream effects of alignment. Alignment is the foundational benefit: once security strategy is tied to business strategy, the other improvements follow naturally. This is the core principle behind frameworks like COBIT and ISO 27001.