Enterprise goals are the most critical input because security policies must align with and support the organization’s objectives and mission. Policies that do not align with enterprise goals are less likely to gain management support and may not effectively protect key assets.
“Information security must support enterprise goals and objectives to ensure alignment with the broader business strategy.”
— CISM Review Manual 15th Edition, Chapter 1: Information Security Governance, Section: Alignment with Business Goals and Objectives
ISACA’s CISM questions reiterate that alignment with enterprise goals is essential for policy effectiveness.