A. The strategic security plan should be stable and tied to business mission / vision. A significant change in business strategy would require the security strategy to be reviewed.
A. "The company must evaluate and adapt security measures as changes in the organization and its threat profiles occur"
https://www.cynic.se/2021/11/information-security-strategic-plan-is-part-of-a-good-cybersecurity-business-model/
Strategy is 5 years
Tactical is 1 year
Operational is in months.
!
So I doubt we need to review strategy every 3 months. Because strategy should be very stable.
Major changes into the information security strategy & plan will happen only based on critical business changes and changes from industry and stakeholders.
https://www.thedigitaltransformationpeople.com/channels/cyber-security/assembling-your-information-security-master-plan/
Minimum requirement is one year or less. What if those major changes happen only after 2 or 3 years?
upvoted 2 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
jimbo_jones
5 months, 4 weeks agoHughJassole
8 months, 2 weeks agobabaseun
11 months agojackdryan
10 months agooudmaster
1 year, 2 months agoJamati
1 year, 4 months agobabaseun
11 months agordy4u
1 year, 4 months agoJamati
1 year, 4 months ago