Certified Information Systems Security Professional (CISSP) — Question 182
An effective information security strategy is PRIMARILY based upon which of the following?
Answer options
- A. Risk management practices
- B. Security budget constraints
- C. Security control implementation
- D. Industry and regulatory standards
Correct answer: A
Explanation
The correct answer is A: risk management practices form the core of an effective information security strategy because they identify, assess, and mitigate risks. Security budget constraints, security control implementation, and industry and regulatory standards are important, but they are secondary to the overarching need to manage risks effectively.