(ISC)2
CISSP · Question #960
An effective information security strategy is PRIMARILY based upon which of the following?
The correct answer is A. Risk management practices. A strategy that is focused solely on implementing security controls without a clear understanding of the organization's specific risks may result in over-engineering or under-engineering security controls. This can lead to unnecessary expense, operational disruption, or a false s
Submitted by suresh_in· Mar 5, 2026Security and Risk Management
Question
An effective information security strategy is PRIMARILY based upon which of the following?
Options
- ARisk management practices
- BSecurity budget constraints
- CSecurity control implementation
- DIndustry and regulatory standards
How the community answered
(18 responses)- A89% (16)
- C6% (1)
- D6% (1)
Explanation
A strategy that is focused solely on implementing security controls without a clear understanding of the organization's specific risks may result in over-engineering or under-engineering security controls. This can lead to unnecessary expense, operational disruption, or a false sense of
Topics
#Information security strategy#Risk management#Security governance#Foundational principles
Community Discussion
No community discussion yet for this question.