PrepAway - Latest Free Exam Questions & Answers

An organization without any formal information security program that has decided to implement information secu

An organization without any formal information security program that has decided to implement
information security best practices should FIRST:

PrepAway - Latest Free Exam Questions & Answers

A.
invite an external consultant to create the security strategy.

B.
allocate budget based on best practices.

C.
benchmark similar organizations.

D.
define high-level business security requirements.

Explanation:

All four options are valid steps in the process of implementing information security best practices;
however, defining high-level business security requirements should precede the others because
the implementation should be based on those security requirements.


Leave a Reply