Home » Isaca » CISM » Which of the following should be the FIRST step in developing an information security plan?
Which of the following should be the FIRST step in developing an information security plan?
A. Perform a technical vulnerabilities assessment
B. Analyze the current business strategy
C. Perform a business impact analysis
D. Assess the current levels of security awareness
Correct Answer: B
Explanation/Reference:
Explanation:
Prior to assessing technical vulnerabilities or levels of security awareness, an information security manager needs to gain an understanding of the current business strategy and direction. A business impact analysis should be performed prior to developing a business continuity plan, but this would not be an appropriate first step in developing an information security strategy because it focuses on availability.
|
Download Printable PDF. VALID exam to help you PASS.
|
 |
