CISSP PRACTICE QUESTIONS – 20211204

Effective CISSP Questions

As a chief information security officer, you are developing an information security strategy. Which of the following should be conducted first? (Wentz QOTD)
A. Conduct a cost-benefit analysis
B. Evaluate return on investment
C. Establish information security policies
D. Identify internal and external influences to the organization

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Identify internal and external influences to the organization.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Strategic Thinking

An information security strategy should align with the organization's grand strategy so that it supports the organizational goals and vision. Identifying the internal and external influences on the organization helps meet stakeholders' expectations and requirements and ensures the effectiveness of the strategy.

Figures: External and Internal Analysis; Strategy Development; Business Case; Strategic Portfolios; Policy Framework; Project Life Cycle (Source: PMBOK)

As a chief information security officer, you are developing an information security strategy. Which of the following should be conducted first? (Wentz QOTD)
A. Conduct a cost-benefit analysis
B. Evaluate return on investment
C. Establish information security policies
D. Identify internal and external influences on the organization