An information security organization should PRIMARILY: 

Answer options:

A. support the business objectives of the company by providing security-related support services.
B. be responsible for setting up and documenting the information security responsibilities of the information security team members.
C. ensure that the information security policies of the company are in line with global best practices and standards.
D. ensure that the information security expectations are conveyed to employees.

A

The information security organization is responsible for options B and D within an organization, but they are not its primary mission. Reviewing and adopting appropriate standards (option C) is a requirement. The primary objective of an information security organization is to ensure that security supports the overall business objectives of the company.