Which of the following is the FIRST step an organization's security professional performs when defining a cyber-security program based upon industry standards?
A.
Map the organization's current security practices to industry standards and frameworks.
B.
Define the organization's objectives regarding security and risk mitigation.
C.
Select from a choice of security best practices.
D.
Review the past security assessments.
Answer:
A
User Votes:
A
50%
B 1 votes
50%
C
50%
D
50%
Discussions
0/ 1000
BobNopaddy
4 days, 12 hours ago
B. Define the organization's objectives regarding security and risk mitigation. Before diving into frameworks or best practices, a security professional must first understand what the organization is trying to protect and why.
Want to join our community?
Please log in or signup in order to use this feature
B. Define the organization's objectives regarding security and risk mitigation.
Before diving into frameworks or best practices, a security professional must first understand what the organization is trying to protect and why.