A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What is the BEST next step?
A.
To gain an understanding of the current business direction
B.
To update in accordance with the best business practices
C.
To perform a risk assessment of the current IT environment
" to gain" of answer A is too non-binding. " To access" gives more certainty that it will lead to good outcomes. As manager you want the best possible solution.
I really like A here. o gain an understanding of the current business direction. I agree, how do you acces culture and have it impact your procedures? Need a clear understanding of the business to know what policies and procedures to update.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Josef4CISM
1 month, 3 weeks agoafb4b17
8 months, 3 weeks agooluchecpoint
12 months agoAgamennore
1 year, 6 months agoGoseu
1 year, 7 months agokaranvp
1 year, 8 months agorichck102
1 year, 8 months agowello
1 year, 8 months agomeelaan
1 year, 11 months agoCarlPTY07
1 year, 12 months agoCarlLimps
2 years agoBroesweelies
2 years agoMichi23
2 years, 1 month agoMyKasala
2 years, 1 month agoaokisan
2 years, 2 months ago