Integration of Information Security Across Your Organization | CISM Exam Preparation

Ensure Successful Information Security Integration

Question

When trying to integrate information security across an organization, the MOST important goal for a governing body should be to ensure:

Answers

Explanations

A. B. C. D.

B.

The MOST important goal for a governing body when trying to integrate information security across an organization is to ensure that information security is treated as a business-critical issue (answer B).

This is because information security is a fundamental component of an organization's overall risk management strategy, and it requires a comprehensive and systematic approach to be effective. Treating information security as a business-critical issue means that it is given the appropriate attention and resources needed to identify, assess, and manage risks associated with the organization's information assets.

An organization's governing body should take a leadership role in promoting and supporting information security initiatives throughout the organization. This involves creating a culture of security awareness, ensuring that information security policies and procedures are in place, and promoting continuous education and training for employees.

Funding approval for information security projects (answer C) is also important, as information security requires a significant investment in resources, including personnel, hardware, and software. However, without treating information security as a business-critical issue, it may be challenging to secure the necessary funding.

Periodic information security audits (answer D) are an essential component of an organization's information security program. However, they are only one piece of the puzzle. Regular audits can help identify areas of weakness and opportunities for improvement. Still, they are not sufficient without the appropriate attention, resources, and cultural support provided by the governing body.

Finally, keeping resources used for information security projects to a minimum (answer A) may seem desirable from a cost perspective, but it is not an appropriate goal for the governing body. Organizations must invest the necessary resources to adequately protect their information assets and mitigate the risks associated with cyber threats. Cutting corners on information security can result in significant financial and reputational damage in the event of a security breach.