A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach. Which of the following is a foundational requirement in order to initiate this type of program?
A) A complete inventory of information technology assets, including infrastructure, networks, applications and data
B) A security organization that is adequately staffed to apply required mitigation strategies and regulatory compliance solutions
C) A clear set of security policies and procedures that are more concept-based than controls-based
D) A clearly identified executive sponsor who will champion the effort to ensure organizational buy-in