Mysystem.org IT ExamsCISM Question 85 2017-04-06
Question: An organization without any formal information security program that has decided to implement information security best practices should FIRST:
A.) invite an external consultant to create the security strategy.
B.) allocate budget based on best practices.
C.) benchmark similar organizations.
Answer ==> D.) define high-level business security requirements.