CISM Certified Information Security Manager – Question0166

When developing an information security governance framework, which of the following should be the FIRST activity?

A.
Integrate security within the system’s development life-cycle process.
B. Align the information security program with the organization’s other risk and control activities.
C. Develop policies and procedures to support the framework.
D. Develop response measures to detect and ensure the closure of security breaches.

Correct Answer: B