Which of the following is the MOST important element of an information security strategy?
A . Defined objectives
B . Time frames for delivery
C . Adoption of a control framework
D . Complete policies
Answer: A
Explanation:
Without defined objectives, a strategy ― the plan to achieve objectives ― cannot be developed. Time frames for delivery are important but not critical for inclusion in the strategy document. Similarly, the adoption of a control framework is not critical to having a successful information security strategy. Policies are developed subsequent to, and as a part of, implementing a strategy.