Certified Information Security Manager (CISM) — Question 380

An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall security strategy should be based on:

Answer options

• A. risk assessment results.
• B. international security standards.
• C. the most stringent requirements.
• D. the security organization structure.

Correct answer: A

Explanation

The correct answer is A, as a thorough risk assessment provides a tailored understanding of specific threats and vulnerabilities, allowing the organization to prioritize security measures effectively. While international security standards (B) and stringent requirements (C) are important, they may not address the unique risks identified in the assessment. Option D, focusing on organizational structure, is less relevant to the development of an overall security strategy.