CISM Certified Information Security Manager – Question0098

In order to highlight to management, the importance of network security, the security manager should FIRST:

A.
develop a security architecture.
B. install a network intrusion detection system (NIDS) and prepare a list of attacks.
C. develop a network security policy.
D. conduct a risk assessment.

Correct Answer: D

Explanation:

Explanation:
A risk assessment would be most helpful to management in understanding at a very high level the threats, probabilities and existing controls. Developing a security architecture, installing a network intrusion detection system (NIDS) and preparing a list of attacks on the network and developing a network security policy would not be as effective in highlighting the importance to management and would follow only after performing a risk assessment.