CISM Certified Information Security Manager – Question0896

Which of the following should be the PRIMARY basis for an information security strategy?

A.
The organization’s vision and mission.
B. Information security policies.
C. Results of a comprehensive gap analysis.
D. Audit and regulatory requirements.

Correct Answer: A