A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach.
Which of the following is a foundational requirement in order to initiate this type of program?

A. A complete inventory of Information technology assets including infrastructure, networks, applications and data

B. A security organization that is adequately staffed to apply required mitigation strategies and regulatory compliance solutions

C. A clear set of security policies and procedures that are more concept-based than controls-based than controls-based

D. A clearly identified executive sponsor who will champion the effort to ensure organizational buy-in








 

Suggested Answer: D






This question is in 712-50 EC-Council Certified CISO (CCISO) Exam
For getting EC-Council Certified CISO (CCISO) Certificate




Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by EC-Council.
Trademarks, certification & product names are used for reference only and belong to EC-Council.
The website does not contain actual questions and answers from EC-Council's Certification Exam.