A CIO has asked the organization’s information security manager to provide both one-year and five-year plans for the information security program. What is the PRIMARY purpose for the long-term plan?
A. To create formal requirements to meet projected security needs for the future
B. To create and document a consistent progression of security capabilities
C. To prioritize risks on a longer scale than the one-year plan
D. To facilitate the continuous improvement of the IT organization
A. To create formal requirements to meet projected security needs for the future
B. To create and document a consistent progression of security capabilities
C. To prioritize risks on a longer scale than the one-year plan
D. To facilitate the continuous improvement of the IT organization