Information Security Manager's Role in Corporate Governance | Exam CISM

Question

When supporting a large corporation's board of directors in the development of governance, which of the following is the PRIMARY function of the information security manager?

Answers

Explanations

A. B. C. D.

C.

In the context of supporting a large corporation's board of directors in the development of governance, the primary function of the information security manager is to provide advice and guidance. This is because the information security manager is responsible for ensuring the confidentiality, integrity, and availability of the organization's information and information systems.

Providing advice and guidance involves helping the board of directors to understand the risks associated with the organization's information and information systems and to make informed decisions about how to mitigate those risks. This may involve recommending security controls, developing policies and procedures, and conducting risk assessments.

While gaining the commitment of senior management, preparing the security budget, and developing a balanced scorecard are all important functions of an information security manager, they are not the primary function in the context of supporting a large corporation's board of directors in the development of governance.

Gaining the commitment of senior management is important for ensuring that the organization's information security program has the necessary support and resources to be effective. However, this is not the primary function in the context of supporting the board of directors.

Preparing the security budget is important for ensuring that the organization has the necessary resources to implement its information security program. However, this is a tactical function that is typically delegated to the information security manager rather than being a primary function in the context of supporting the board of directors.

A balanced scorecard is a tool that can be used to measure the effectiveness of an organization's information security program. While developing one is an important function, it is not the primary function in the context of supporting the board of directors in the development of governance.