Certified Chief Information Security Officer (CCISO) — Question 147

The newly appointed CISO of an organization is reviewing the IT security strategic plan.
Which of the following is the MOST important component of the strategic plan?

Answer options

• A. There is a clear definition of the IT security mission and vision.
• B. The plan requires return on investment for all security projects.
• C. There is integration between IT security and business staffing
• D. There is an auditing methodology in place.

Correct answer: A

Explanation

The most critical component of the strategic plan is a clear definition of the IT security mission and vision, as it sets the direction and priorities for all security initiatives. While return on investment, integration with business staffing, and an auditing methodology are important, they are secondary to having a well-defined mission and vision that guide the security strategy.