When implementing effective security governance within the requirements of the company’s
security strategy, which of the following is the MOST important factor to consider?

A.
Preserving the confidentiality of sensitive data

B.
Establishing international security standards for data sharing

C.
Adhering to corporate privacy standards

D.
Establishing system manager responsibility for information security

Explanation:

The goal of information security is to protect the organization’s information assets. International
security standards are situational, depending upon the company and its business. Adhering to
corporate privacy standards is important, but those standards must be appropriate and adequate
and are not the most important factor to consider. All employees are responsible for information
security, but it is not the most important factor to consider.