
CISSP Exam - Question 404


An effective information security strategy is PRIMARILY based upon which of the following?

Correct Answer: A

An effective information security strategy is primarily based on risk management practices. Risk management helps identify, assess, and prioritize risks, allowing an organization to allocate appropriate resources to mitigate those risks. Without a solid understanding of the risks specific to the organization, any security measures implemented may be inadequate or excessive, leading to unnecessary expenses or vulnerabilities. The focus on managing risks ensures that security efforts are aligned with the actual threats and vulnerabilities faced by the organization, creating a more efficient and effective security strategy.

Discussion

5 comments
Arsh_2022 (Option: A)
Feb 28, 2023

Agree with the given Answer: Risk Analysis – Analyzing risk helps you determine your tolerance levels for risk and which you can accept, avoid, transfer, or prevent.

Watcher009 (Option: A)
May 2, 2023

A strategy that is focused solely on implementing security controls without a clear understanding of the organization's specific risks may result in over-engineering or under-engineering security controls. This can lead to unnecessary expense, operational disruption, or a false sense of security.

jackdryan
May 14, 2023

A is correct

HughJassole (Option: A)
Jun 11, 2023

A. It includes C. CISSP is about the high level; per my CISSP class instructor, you should go with the more general, high-level answer.

babaseun (Option: C)
Apr 19, 2023

Effective information security strategy should be based on the security control implementation.

Cyberjerry (Option: A)
May 14, 2024

OSG 9th edition - page 109, last paragraph. Integrating cybersecurity risk management with supply chain, acquisition strategies, and business practices is a means to ensure a more robust and successful security strategy in organizations of all sizes. When purchases are made without security considerations, the risks inherent in those products remain throughout their deployment life span.