The Primary Objective of an Information Security Governance Framework

B.

The PRIMARY objective of an information security governance framework is to provide a strategic approach to managing an organization's information security program. The framework should provide direction, guidance, and support for implementing, maintaining, and continually improving the organization's information security program.

Answer A: Increasing the organization's return on security investment is a valid objective of an information security governance framework, but it is not the primary objective. The primary objective is to provide a strategic approach to managing the organization's information security program.

Answer B: Providing a baseline for optimizing the security profile of the organization is a valid objective of an information security governance framework. However, it is not the primary objective. The primary objective is to provide a strategic approach to managing the organization's information security program.

Answer C: Ensuring that users comply with the organization's information security policies is an important objective of an information security governance framework, but it is not the primary objective. The primary objective is to provide a strategic approach to managing the organization's information security program.

Answer D: Demonstrating compliance with industry best practices to external stakeholders is a valid objective of an information security governance framework, but it is not the primary objective. The primary objective is to provide a strategic approach to managing the organization's information security program.

In conclusion, the PRIMARY objective of an information security governance framework is to provide a strategic approach to managing the organization's information security program. The framework should provide direction, guidance, and support for implementing, maintaining, and continually improving the organization's information security program.