Certified Information Security Manager (CISM) — Question 265

An organization wants to integrate information security into its human resource management processes. Which of the following should be the FIRST step?

Answer options

• A. Identify information security risk associated with the processes
• B. Assess the business objectives of the processes
• C. Evaluate the cost of information security integration
• D. Benchmark the processes with best practice to identify gaps

Correct answer: B

Explanation

The correct initial step is to assess the business objectives of the processes, as understanding these goals is crucial for aligning information security measures effectively. Identifying risks, evaluating costs, and benchmarking against best practices are important but should come after establishing clear business objectives.