Certified Chief Information Security Officer (CCISO) — Question 172

What is generally the FIRST step in Information Security program development?

Answer options

• A. Design
• B. Plan
• C. Execute
• D. Assess

Correct answer: B

Explanation

The correct answer is B, as planning is essential to outline the objectives, resources, and strategies needed for an effective Information Security program. The other options, such as Design, Execute, and Assess, come after the planning phase and rely on a solid foundation established during the planning stage.