Certified Information Security Manager (CISM) — Question 129

Following a risk assessment, new countermeasures have been approved by management. Which of the following should be performed NEXT?

Answer options

• A. Schedule the target end date for implementation activities.
• B. Develop an implementation strategy.
• C. Budget the total cost of implementation activities.
• D. Calculate the cost for each countermeasure.

Correct answer: B

Explanation

The correct answer is B, as developing an implementation strategy is essential to outline how the approved countermeasures will be executed. Options A, C, and D are important steps, but they come after having a clear implementation strategy in place.