Which of the following should be the FIRST step in developing an information security plan?

CISM 0 Comments

Which of the following should be the FIRST step in developing an information security plan?
A . Perform a technical vulnerabilities assessment
B . Analyze the current business strategy
C . Perform a business impact analysis
D . Assess the current levels of security awareness

Answer: B

Explanation:

Prior to assessing technical vulnerabilities or levels of security awareness, an information security manager needs to gain an understanding of the current business strategy and direction. A business impact analysis should be performed prior to developing a business continuity plan, but this would not be an appropriate first step in developing an information security strategy because it focuses on availability.

Latest CISM Dumps Valid Version with 1327 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CISM PDF     CISM Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments