Podcast
Questions and Answers
What should be the FIRST step in developing an information security plan?
What should be the FIRST step in developing an information security plan?
- Perform a technical vulnerabilities assessment
- Analyze the current business strategy (correct)
- Assess the current levels of security awareness
- Perform a business impact analysis
Which component of risk is most relevant in the context of threats to achieving business objectives?
Which component of risk is most relevant in the context of threats to achieving business objectives?
- Assessing the current levels of security awareness
- Analyzing the current business strategy
- Performing a technical vulnerabilities assessment (correct)
- Performing a business impact analysis
When is a business impact analysis typically performed?
When is a business impact analysis typically performed?
- After performing a technical vulnerabilities assessment
- After assessing the current levels of security awareness
- Before analyzing the current business strategy
- Before developing a business continuity plan (correct)
What is the primary focus of a business impact analysis?
What is the primary focus of a business impact analysis?
Why is assessing the current levels of security awareness not the FIRST step in developing an information security plan?
Why is assessing the current levels of security awareness not the FIRST step in developing an information security plan?