CISM Certified Information Security Manager – Question0689 - CISM Certified Information Security Manager

It is important to develop an information security baseline because it helps to define:

A. critical information resources needing protection.
B. a security policy for the entire organization.
C. the minimum acceptable security to be implemented.
D. required physical and logical access controls.

Correct Answer: C

Explanation:

Explanation:
Developing an information security baseline helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels. Before determining the security baseline, an information security manager must establish the security policy, identify criticality levels of organization’s information resources and assess the risk environment in which those resources operate.