December 23, 2021 by Admin
A CIO has asked the organization’s information security manager to provide both one-year and five-year plans for the information security program. What is the PRIMARY purpose for the long-term plan?
- To create formal requirements to meet projected security needs for the future
- To create and document a consistent progression of security capabilities
- To prioritize risks on a longer scale than the one-year plan
- To facilitate the continuous improvement of the IT organization