🔥 3-day streak
ISACA CISM — Certified Information Security Manager4 / 121
Question 4 of 121
A newly appointed information security manager at a mid-sized financial services firm discovers that the organization's information security policies were written years ago and reference no external standard. The board has asked for assurance that the security program reflects recognized good practice and can be benchmarked against peers. Which action should the security manager take FIRST to address the board's request?
Reviewed for accuracy · Report an issueNext question