CISSP PRACTICE QUESTIONS – 20220102

Effective CISSP Questions

As a CISO, you are developing an information security strategy. Which of the following should you conduct first? (Wentz QOTD)
A. Define the current state
B. Conduct gap analysis
C. Develop a roadmap
D. Set out a program policy

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Define the current state.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security, a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.

David’s Model of the Strategic Management’s Process

Strategy management covers three major topics: formation (development), implementation (execution), and evaluation.

Goals, Strategy, and Risk
Levels of Strategy
Strategic Planning
External and Internal Analysis
Strategy Development
PMI OPM Strategy Execution Framework
Strategic Portfolios
Balanced Scorecard (BSC)
Strategy, Initiative, Product, and Project

Thank you very much, Ram Marappan, for sharing this informative link, Strategic analysis: tools and techniques.



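As CISO, you are formulating an information security strategy. Which of the following should you do first? (Wentz QOTD)
A. Define the current state
B. Conduct a gap analysis
C. Develop a roadmap
D. Establish a program policy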


