Which of the following is the MOST important reason why information security objectives should
be defined?

A.
Tool for measuring effectiveness

B.
General understanding of goals

C.
Consistency with applicable standards

D.
Management sign-off and support initiatives

Explanation:

The creation of objectives can be used in part as a source of measurement of the effectiveness of
information security management, which feeds into the overall governance. General
understanding of goals and consistency with applicable standards are useful, but are not the
primary reasons for having clearly defined objectives. Gaining management understanding is
important, but by itself will not provide the structure for governance.