Information Security Planning

Questions and Answers

PDF Questions PDF Answers

What should be the FIRST step in developing an information security plan?

Perform a technical vulnerabilities assessment

Analyze the current business strategy (correct)

Assess the current levels of security awareness

Perform a business impact analysis

Which component of risk is most relevant in the context of threats to achieving business objectives?

Assessing the current levels of security awareness

Analyzing the current business strategy

Performing a technical vulnerabilities assessment (correct)

Performing a business impact analysis

When is a business impact analysis typically performed?

After performing a technical vulnerabilities assessment

After assessing the current levels of security awareness

Before analyzing the current business strategy

Before developing a business continuity plan (correct)

What is the primary focus of a business impact analysis?

Availability

Why is assessing the current levels of security awareness not the FIRST step in developing an information security plan?

It does not provide insights into business strategy