CISM Certified Information Security Manager – Question0623

The FIRST step in establishing an information security program is to:

A. define policies and standards that mitigate the organization’s risks.
B. secure organizational commitment and support.
C. assess the organization’s compliance with regulatory requirements.
D. determine the level of risk that is acceptable to senior management.

Correct Answer: B