Posted by: Pdfprep
Post Date: November 15, 2020
The FIRST step in developing an information security management program is to:
A . identify business risks that affect the organization.
B . clarify organizational purpose for creating the program.
C . assign responsibility for the program.
D . assess adequacy of controls to mitigate business risks.
Answer: B
Explanation:
In developing an information security management program, the first step is to clarify the organization’s purpose for creating the program. This is a business decision based more on judgment than on any specific quantitative measures. After clarifying the purpose, the other choices are assigned and acted upon.
Leave a Reply