ITIL-FOUNDATION · Question #395
Which of the following provides the PRIMARY source of guidance on what needs to be protected by information security management?
The correct answer is C. Business management. Business management is the primary source of guidance for information security management because security priorities must reflect business value, risk appetite, and compliance obligations.
Question
Which of the following provides the PRIMARY source of guidance on what needs to be protected by information security management?
Options
- AIT management
- BService desk manager
- CBusiness management
- DThe change manager
How the community answered
(24 responses)- A4% (1)
- B13% (3)
- C79% (19)
- D4% (1)
Why each option
Business management is the primary source of guidance for information security management because security priorities must reflect business value, risk appetite, and compliance obligations.
IT management implements security controls but does not define the strategic business requirements that determine what must be protected.
The service desk manager coordinates incident response and user support, not the strategic direction of information security protection requirements.
Information security management exists to protect business assets, so its requirements and priorities must originate from business management, which defines what data, services, and systems are critical. Business management also sets the risk tolerance and regulatory compliance expectations that security policies must satisfy.
The change manager governs the change management process and plays no role in setting information security protection requirements.
Concept tested: Business-driven guidance for information security management
Source: https://www.axelos.com/certifications/itil-service-management/itil-4-foundation
Topics
Community Discussion
No community discussion yet for this question.