The FIRST step in developing an information security management program is to:

The FIRST step in developing an information security management program is to:
A . identify business risks that affect the organization.
B . clarify organizational purpose for creating the program.
C . assign responsibility for the program.
D . assess adequacy of controls to mitigate business risks.

Answer: B

Explanation:

In developing an information security management program, the first step is to clarify the organization’s purpose for creating the program. This is a business decision based more on judgment than on any specific quantitative measures. After clarifying the purpose, the other choices are assigned and acted upon.

Latest CISM Dumps Valid Version with 1327 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments