🔥 3-day streak
ISC2 CISSP — Certified Information Systems Security Professional101 / 129
Question 101 of 129

A newly hired CISO at a mid-sized financial services firm discovers that the security program operates independently, with technical controls chosen by the IT team based on industry trends rather than any documented connection to the firm's strategic goals. The board complains that security spending appears disconnected from business priorities and cannot demonstrate value. Which action should the CISO take FIRST to correct this governance deficiency?

Reviewed for accuracy · Report an issueNext question