🔥 3-day streak
ISACA CISM — Certified Information Security Manager102 / 121
Question 102 of 121

A newly appointed information security manager reviews the organization's documentation and finds a single 80-page document that mixes high-level intent statements, mandatory technical configuration baselines, and step-by-step instructions for configuring firewalls. Business units complain the document is unwieldy and quickly outdated. To improve governance and enable the document to remain aligned with business goals over time, what should the security manager do FIRST?

Reviewed for accuracy · Report an issueNext question