C. Assemble an experienced staff
D. Benchmark peer organizations
New information security managers should seek to build rapport and establish lines of
communication with senior management to enlist their support. Benchmarking peer
organizations is beneficial to better understand industry best practices, but it is secondary to
obtaining senior management support. Similarly, developing a security architecture and
assembling an experienced staff are objectives that can be obtained later.
It is MOST important that information security architecture be aligned with which of the
A. Industry best practices
B. Information technology plans
C. Information security best practices
D. Business objectives and goals
Information security architecture should always be properly aligned with business goals and
objectives. Alignment with IT plans or industry and security best practices is secondary by
Which of the following is MOST likely to be discretionary?
Policies define security goals and expectations for an organization. These are defined in more
specific terms within standards and procedures. Standards establish what is to be done while
procedures describe how it is to be done. Guidelines provide recommendations that business
management must consider in developing practices within their areas of control; as such, they
Security technologies should be selected PRIMARILY on the basis of their:
A. ability to mitigate business risks.
B. evaluations in trade publications.
C. use of new and emerging technologies.