nerdexam
(ISC)2

CISSP · Question #960

An effective information security strategy is PRIMARILY based upon which of the following?

The correct answer is A. Risk management practices. A strategy that is focused solely on implementing security controls without a clear understanding of the organization's specific risks may result in over-engineering or under-engineering security controls. This can lead to unnecessary expense, operational disruption, or a false s

Submitted by suresh_in· Mar 5, 2026Security and Risk Management

Question

An effective information security strategy is PRIMARILY based upon which of the following?

Options

  • ARisk management practices
  • BSecurity budget constraints
  • CSecurity control implementation
  • DIndustry and regulatory standards

How the community answered

(18 responses)
  • A
    89% (16)
  • C
    6% (1)
  • D
    6% (1)

Explanation

A strategy that is focused solely on implementing security controls without a clear understanding of the organization's specific risks may result in over-engineering or under-engineering security controls. This can lead to unnecessary expense, operational disruption, or a false sense of

Topics

#Information security strategy#Risk management#Security governance#Foundational principles

Community Discussion

No community discussion yet for this question.

Full CISSP Practice