How can a gap analysis be performed for a security strategy that does not yet exist? The question poses the question as the initial (hence the term developing) security strategy. If you have no starting point, you cannot perform a gap analysis.
c: The CISM All-0in-One Exam Guide Writes:
Gap Assessment
To implement a security strategy and accomplish objectives, security professionals often
spend too much time focusing on the end goal and not enough time on the starting
point. Without sufficient knowledge of the starting point, accomplishing objectives will
be more difficult, and achieving success will be less certain.
and it also writes:
Risk Assessments
A strategist should choose to have a risk assessment performed to reveal risks present in
the organization. The results of a risk assessment give the strategist
valuable information on the types of resources required to bring risks down to acceptable
levels. This is vital for developing and validating strategic objectives.
The Gap Assessment is valuable to implement the strategy. The Risk assessment validates your strategic objectives.
The results of an information security gap analysis provide a comprehensive understanding of the existing state of information security within an organization, identifying areas where security controls may be lacking or not meeting desired levels. This analysis helps in determining the current state of security and defining the desired future state, which is critical for developing an effective information security strategy.
While measurement of security performance against IT goals (option B), results of a technology risk assessment (option C), and the availability of capable information security resources (option D) are important considerations, the information security gap analysis is a foundational step that informs the strategic direction and priorities for the development of the overall information security strategy.
For sure it is A. Completing a risk assessment is good but that next step is the gap analysis...how far are you from where you want to be? Brilliant.
upvoted 2 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
greeklover84
3 weeks, 5 days agoRio42
4 weeks, 1 day ago2c24cf3
4 months agoGrantolio
9 months, 4 weeks agoViperhunter
1 year, 1 month agorichck102
1 year, 7 months agoAntonivs
1 year, 11 months agoCarlLimps
1 year, 10 months ago