Exam CISM topic 1 question 1 discussion

Actual exam question from Isaca's CISM
Question #: 1
Topic #: 1

Which of the following should be the FIRST step in developing an information security plan?

  • A. Perform a technical vulnerabilities assessment
  • B. Analyze the current business strategy
  • C. Perform a business impact analysis
  • D. Assess the current levels of security awareness

Suggested Answer: B
Prior to assessing technical vulnerabilities or levels of security awareness, an information security manager needs to gain an understanding of the current business strategy and direction. A business impact analysis should be performed prior to developing a business continuity plan, but this would not be an appropriate first step in developing an information security strategy because it focuses on availability.

Comments

dcdelgado
4 days, 7 hours ago
Yes, it's B
upvoted 1 times
...
imranrq
1 week, 3 days ago
Answer B, Analyze the current business strategy
upvoted 1 times
...
L2J
2 months, 3 weeks ago
Analyze the current business strategy
upvoted 4 times
...
Dawoodalfarei
11 months, 4 weeks ago
Perform a technical vulnerabilities assessment
upvoted 1 times
...
