As a chief information security officer, you are developing an information security strategy. Which of the following should be conducted first? (Wentz QOTD)
A. Conduct a cost-benefit analysis
B. Evaluate return on investment
C. Establish information security policies
D. Identify internal and external influences to the organization
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. Identify internal and external influences to the organization.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
An information security strategy should align with the organizational grand strategy to achieve and fulfill the organizational goals and vision. Identifying internal and external influences to the organization meet stakeholders’ expectations and requirements and ensure the effectiveness of a strategy.
作為首席信息安全官，您正在制定信息安全策略。 應首先進行以下哪一項？ (Wentz QOTD)