Which of the following is the MAIN purpose of an information security management system?
A. To identify and eliminate the root causes of information security incidents
B. To enhance the impact of reports used to monitor information security incidents
C. To keep information security policies and procedures up-to-date
D. To reduce the frequency and impact of information security incidents
The Answer Is:
D
Explanation:
The main purpose of an information security management system (ISMS) is to reduce the frequency and impact of information security incidents. An ISMS is a systematic approach to managing information security risks, policies, procedures, and controls within an organization. An ISMS aims to ensure the confidentiality, integrity, and availability of information assets, as well as to comply with relevant laws and regulations. The other options are not the main purpose of an ISMS, but rather some of its possible benefits or components.