Which of the following should be the PRIMARY basis for an information security strategy?
A. The organization’s vision and mission.
B. Information security policies.
C. Results of a comprehensive gap analysis.
D. Audit and regulatory requirements.
A. The organization’s vision and mission.
B. Information security policies.
C. Results of a comprehensive gap analysis.
D. Audit and regulatory requirements.