The FIRST step in developing an information security management program is to:

Posted by: Pdfprep Category: CISM

The FIRST step in developing an information security management program is to:
A. identify business risks that affect the organization.
B. clarify organizational purpose for creating the program.
C. assign responsibility for the program.
D. assess adequacy of controls to mitigate business risks.

Answer: B

Explanation:

In developing an information security management program, the first step is to clarify the organization’s purpose for creating the program. This is a business decision based more on judgment than on any specific quantitative measures. After clarifying the purpose, the other choices are assigned and acted upon.
