Certified Chief Information Security Officer (CCISO) — Question 152

What is the first thing that needs to be completed in order to create a security program for your organization?

Answer options

• A. Security program budget
• B. Compliance and regulatory analysis
• C. Risk assessment
• D. Business continuity plan

Correct answer: C

Explanation

The correct answer is C, as conducting a risk assessment is crucial to identify vulnerabilities and potential threats before developing a security program. The other options, while important, come after understanding the risks that need to be addressed.