Certified Information Systems Security Professional – CISSP – Question026

Which of the following is an initial consideration when developing an information security management system?

A.
Identify the contractual security obligations that apply to the organizations
B. Understand the value of the information assets
C. Identify the level of residual risk that is tolerable to management
D. Identify relevant legislative and regulatory compliance requirements

Correct Answer: B