CISM Certified Information Security Manager – Question0080

In order to highlight to management, the importance of integrating information security in the business processes, a newly hired information security officer should FIRST:

A.
prepare a security budget.
B. conduct a risk assessment.
C. develop an information security policy.
D. obtain benchmarking information.

Correct Answer: B

Explanation:

Explanation: Risk assessment, evaluation and impact analysis will be the starting point for driving management’s attention to information security. All other choices will follow the risk assessment.