nerdexam
(ISC)2

CISSP-ISSMP · Question #36

CISSP-ISSMP Question #36: Real Exam Question with Answer & Explanation

The correct answer is D: Analyze the current business strategy.

Security Program Development

Question

Which of the following steps is the initial step in developing an information security strategy?

Options

  • A. Perform a technical vulnerabilities assessment.
  • B. Assess the current levels of security awareness.
  • C. Perform a business impact analysis.
  • D. Analyze the current business strategy.

Explanation

Prior to assessing technical vulnerabilities or levels of security awareness, an information security manager needs to gain an understanding of the current business strategy and direction. Answer options A and B are therefore incorrect. Answer option C is incorrect. A business impact analysis is performed prior to developing a business continuity plan, but this would not be an appropriate first step in developing an information security strategy.

Topics

#Information Security Strategy #Strategic Planning #Business Alignment #Program Development Lifecycle
