What does COBIT suggest regarding information security management?

COBIT emphasizes the importance of establishing governance objectives to ensure that information security is effectively managed and protected. This aligns with its overarching framework, which prioritizes governance and management across various domains, including information security. By setting clear governance objectives, organizations can create a structured approach that addresses the risks associated with information security, ensuring that appropriate measures are in place to safeguard data while aligning security initiatives with business goals. This comprehensive governance approach integrates people, processes, and technology to create a robust information security management framework.

The other options do not reflect COBIT's recommendations. Minimal investment in security measures would undermine the significance of information security, while complete outsourcing might overlook the importance of in-house governance and accountability. Additionally, focusing solely on technology solutions ignores the critical role that processes and people play in a comprehensive security management strategy.