Question: The MOST useful way to describe the objectives in the information security strategy is through:
A.) attributes and characteristics of the ‘desired state.’
B.) overall control objectives of the security program.
C.) mapping the IT systems to key business processes.
D.) calculation of annual loss expectations.

Download pdf (with explanations) edition of this exam.