ISA/IEC 62443 Cybersecurity Fundamentals Specialist — Question 70

What is the FIRST step required in implementing ISO 27001?

Answer options

Correct answer: A

Explanation

The first step in implementing ISO 27001 is to create a security management organization, because it establishes the framework for managing information security. Defining a policy, implementing controls, and performing a risk assessment are important, but they come after the organization is set up to oversee these processes.