Exam CISM
Question 900

Which of the following should be done FIRST when developing an information security strategy?

    Correct Answer: B

    When developing an information security strategy, the first thing to do is to determine the desired state of information security. This step is critical as it defines the overall goals and objectives that the security efforts aim to achieve. Without understanding where the organization wants to be in terms of information security, it is impossible to create effective strategies, policies, and measures to get there. Establishing the vision for the desired security posture sets the foundation for all subsequent actions and decisions in the strategy development process.

Discussion
yottabyte Option: A

Leaning towards A for this one. We won't be able to determine the desired state before establishing the strategy. The steering committee is required to drive the strategy and align towards business strategies.

oluchecpoint Option: B

Determine the desired state of information security: This is the foundational step in developing a security strategy. You need to understand where you want to be in terms of security before you can make decisions on how to get there.

Y0GA Option: B

GPT4o goes with B. Always tell it to use CISM guidelines to determine the answer. It seems to be relatively accurate.

shootnot Option: B

B. Not going too much out of the question, then it's B. It's like a question about what the first step of a certain recipe is: not to hire a chef and build a kitchen, but the recipe itself.

Cyberbug2021

Who determines the "Determine the desired state of information security"?

richck102 Option: B

B. Determine the desired state of information security.

mpc5520 Option: B

B could be gap?