Which of the following outcomes is NOT expected from effective information security governance?

Effective information security governance encompasses a variety of outcomes that aim to ensure the organization's information security practices support its overall goals and objectives. The expected outcomes include value delivery, strategic alignment, and risk management, all of which play a crucial role in enhancing the security posture of the organization and ensuring that information security initiatives support its broader business objectives.

Value delivery refers to the assurance that security efforts provide tangible benefits to the organization, contributing to business objectives and improving the overall value of investments in security measures. Strategic alignment ensures that security initiatives align with the organization's overall strategy, facilitating cooperation across departments and ensuring that security is integrated into all business processes.

Risk management, on the other hand, involves identifying, assessing, and mitigating risks associated with information assets, enabling the organization to minimize exposure to threats and vulnerabilities effectively.

Establishing performance baselines, while an important activity within information security management, is not typically highlighted as a direct outcome of effective governance. This task is more aligned with operational activities, such as measuring the effectiveness of security controls or performance metrics, rather than emphasized as an outcome of governance itself. Governance focuses more on guiding principles, oversight, and alignment with business strategy rather than on establishing specific performance baselines. Therefore, it is the expectation regarding performance baselines