CISM Certified Information Security Manager – Question0704

An information security program should be established PRIMARILY on the basis of:

A.
the approved information security strategy.
B. the approved risk management approach.
C. data security regulatory requirements.
D. senior management input.

Correct Answer: A