ITIL · Question #395
Which of the following provides the PRIMARY source of guidance on what needs to be protected by information security management?
The correct answer is C. Business management. Business management is the primary source of guidance for information security because security policy must align with and protect business objectives and assets.
Question
Which of the following provides the PRIMARY source of guidance on what needs to be protected by information security management?
Options
- AIT management
- BService desk manager
- CBusiness management
- DThe change manager
How the community answered
(43 responses)- A7% (3)
- B2% (1)
- C86% (37)
- D5% (2)
Why each option
Business management is the primary source of guidance for information security because security policy must align with and protect business objectives and assets.
IT management implements and maintains security controls but takes strategic direction from business stakeholders on protection priorities - it is not the primary source.
The service desk manager is responsible for handling incidents and customer communications, not for determining information security protection requirements.
Information security management exists to protect business assets and enable business objectives, so business management defines which data, systems, and processes are critical and what level of risk is acceptable. Security strategy must be driven by business value and priorities, not by IT or operational roles. IT and security teams then implement controls in alignment with the requirements set by business management.
The change manager oversees the change management process to control risk from changes, but does not define what information assets require protection.
Concept tested: ITIL information security management governance source
Source: https://www.axelos.com/certifications/itil-service-management/itil-foundation
Topics
Community Discussion
No community discussion yet for this question.