🔥 3-day streak
ISACA CISM — Certified Information Security Manager118 / 121
Question 118 of 121
A newly appointed information security manager at a mid-sized manufacturing firm has been asked by the board to build an information security governance program from the ground up. The organization has no formal policies, no defined ownership of information assets, and inconsistent security practices across business units. Before selecting technical controls, which of the following should the security manager establish FIRST to ensure the governance program is effective and sustainable?
Reviewed for accuracy · Report an issueNext question