Certified Information Security Manager (CISM) — Question 983

An organization wants to integrate information security into its HR management processes. Which of the following should be the FIRST step?

Answer options

• A. Calculate the return on investment (ROI).
• B. Provide security awareness training to HR.
• C. Assess the business objectives of the processes.
• D. Benchmark the processes with best practice to identify gaps.

Correct answer: C

Explanation

The correct answer is C because assessing the business objectives of the processes helps to ensure that security measures align with the organization's goals. The other options, while important, should follow the initial understanding of the business objectives to effectively integrate security into HR management.