Exam CISSP All Questions

Exam CISSP topic 1 question 255 discussion

Actual exam question from ISC's CISSP
Question #: 255
Topic #: 1
Which of the following is the FIRST step an organization's professional performs when defining a cyber-security program based upon industry standards?

  • A. Review the past security assessments
  • B. Define the organization's objectives regarding security and risk mitigation
  • C. Map the organization's current security practices to industry standards and frameworks
  • D. Select from a choice of security best practices
Suggested Answer: B

Comments

Soleandheel
11 months, 2 weeks ago
B. Define the organization's objectives regarding security and risk mitigation. Before mapping current practices, reviewing past assessments, or selecting specific best practices, it's crucial to establish clear objectives and goals for the cybersecurity program.
upvoted 1 times
shmoeee
1 year ago
So the question asked the first step in "defining" a cyber security program against industry standards versus "creating" a cyber security program. I feel like if there is already a security program in place, the professional is helping the organization "define" which program they are using. If I was developing a security program for the organization, I would definitely define the objectives. I'm going with... C
upvoted 4 times
Dee83
1 year, 10 months ago
B. Define the organization's objectives regarding security and risk mitigation. When defining a cyber-security program based upon industry standards, the first step an organization's professional should perform is to define the organization's objectives regarding security and risk mitigation. This step involves identifying the specific security goals of the organization and the types of risks that need to be mitigated.
upvoted 3 times
jackdryan
1 year, 6 months ago
B is correct
upvoted 1 times
DJOEK
1 year, 10 months ago
Selected Answer: B
When defining a cyber-security program based upon industry standards, the first step that an organization's professional should take is to define the organization's objectives regarding security and risk mitigation. This includes identifying the assets that need to be protected, the level of risk that the organization is willing to accept, and the specific threats that the organization is facing. Defining these objectives will provide the necessary foundation to guide the design and implementation of the security program, ensuring that the program is aligned with the organization's business needs, risk appetite and compliance requirements.
upvoted 2 times
oudmaster
1 year, 11 months ago
Selected Answer: B
I vote for B. Without defining the objective, which industry standard will the organization follow? There are tons of standards. The objective will determine which one is suitable. Standards for healthcare are different from those for financial services, etc.
upvoted 2 times
Jay327
2 years ago
Selected Answer: B
https://resources.infosecinstitute.com/topic/nist-csf-the-seven-step-cybersecurity-framework-process/ In this step, the organization must identify organization or mission objectives along with high-level organizational priorities.
upvoted 1 times
Humongous1593
2 years, 1 month ago
Selected Answer: B
Likely talking about NIST CSF. Step 1 is prepare.
upvoted 2 times
Community vote distribution:
  • A (35%)
  • C (25%)
  • B (20%)
  • Other