Question 0303 - CISM Certified Information Security Manager

After obtaining commitment from senior management, which of the following should be completed NEXT when establishing an information security program?

A. Define security metrics
B. Conduct a risk assessment
C. Perform a gap analysis
D. Procure security tools

Correct Answer: B

Explanation:

Explanation:
When establishing an information security program, conducting a risk assessment is key to identifying the needs of the organization and developing a security strategy. Defining security metrics, performing a gap analysis and procuring security tools are all subsequent considerations.

CISM Certified Information Security Manager

Tag: Question 0303

CISM Certified Information Security Manager – Question0303