An organization without any formal information security program that has decided to implement information security best practices should FIRST:

Last Updated on December 23, 2021 by Admin

An organization without any formal information security program that has decided to implement information security best practices should FIRST:

  • invite an external consultant to create the security strategy.
  • allocate budget based on best practices.
  • benchmark similar organizations.
  • define high-level business security requirements.
Explanation:
All four options are valid steps in the process of implementing information security best practices; however, defining high-level business security requirements should precede the others because the implementation should be based on those security requirements.