Which of the following would be the MOST important goal of an information security governance
program?
A. Review of internal control mechanisms
B. Effective involvement in business decision making
C. Total elimination of risk factors
D. Ensuring trust in data
Explanation:
The development of trust in the integrity of information among stakeholders should be the primary
goal of information security governance. Review of internal control mechanisms relates more to
auditing, while the total elimination of risk factors is not practical or possible. Proactive involvement
in business decision making implies that security needs dictate business needs when, in fact, just
the opposite is true. Involvement in decision making is important only to ensure business data
integrity so that data can be trusted.