Which of the following should be the PRIMARY objective when establishing a new information security program?
Which of the following should be the PRIMARY objective when establishing a new information security program?
C. Assess the potential impact to the organization.
The primary objective when establishing a new information security program is to minimize organizational risk (Option C). This involves identifying, assessing, and mitigating risks to protect the organization's information assets and ensure business continuity
Information Security Programs' main purpose is to achieve the goals outlined in the organization's information security strategy.
Answer is D - implementing the security strategy includes efforts to minimize risks.