What is one of the core objectives of continual improvement in an ISMS?

Get ready for the ISO 27001 Internal Auditor Exam. Learn through flashcards and multiple choice questions with hints and explanations. Ace your auditor test!

One of the core objectives of continual improvement in an Information Security Management System (ISMS) is to evolve with changing business needs. This aspect is crucial because organizations operate in dynamic environments where technology, regulations, and risk landscapes continuously evolve. Continual improvement ensures that the ISMS adapts to these changes, enabling the organization to maintain effective security measures that align with current business objectives and external factors.

By focusing on evolving with changing business needs, an organization can enhance its resilience against emerging threats, improve its processes, and ensure compliance with relevant regulations. This aligns with the overall goal of an ISMS to protect information assets while supporting the organization's objectives.

The other options do not align with the principle of continual improvement. Maintaining the status quo undermines the purpose of improvement, while minimizing training programs can lead to a lack of knowledge that hinders effective security practices. Eliminating all risks is unattainable, as risk management focuses on understanding and managing risks rather than complete elimination.
