CISA Exam - Question 648


Which of the following is the MAIN purpose of an information security management system?

Correct Answer: BD

The main purpose of an information security management system (ISMS) is to reduce the frequency and impact of information security incidents. An ISMS provides a comprehensive framework for managing and protecting an organization's information assets through risk assessment, implementation of controls, continual monitoring, and improvement. This proactive approach ensures the minimization of potential security breaches and supports the overall resilience of the organization against information security threats.

Discussion

9 comments
m4s7er (Option: B)
Jan 25, 2023

Answer is B.

JONESKA (Option: B)
Jul 16, 2023

Should be B. Keeping information security policies and procedures up-to-date (option D) is an important aspect of an ISMS, but it is not the main purpose. An ISMS involves a more comprehensive approach to managing information security, encompassing not only policies and procedures but also risk assessment, controls implementation, monitoring, and continuous improvement.

RS66 (Option: B)
Jul 11, 2024

ISMS contains a lot more than policies and procedures. I say B and not D.

Nehalpandya (Option: D)
May 25, 2021

Correct answer should be D.

Clair665
Jun 14, 2021

No, I think the answer is B.

inddir (Option: B)
Jun 15, 2021

Answer should be B because that should be the MAIN purpose or outcome of security policies and procedures.

Jhenn (Option: B)
Aug 6, 2021

B is the answer: An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by proactively limiting the impact of a security breach.

Deeplaxmi (Option: B)
Sep 20, 2022

I feel B.

[Removed] (Option: B)
Dec 9, 2023

An ISMS is usually implemented as the result of risk analysis to eliminate or reduce risk to an acceptable level.

Swallows (Option: B)
Jul 21, 2024

An information security management system provides an organization with a structured approach to address information security incidents and minimize their frequency and impact, including implementing appropriate security measures, assessing and managing risks, quickly detecting and responding to incidents, and strengthening preventive measures.