December 23, 2021 by Admin
An organization without any formal information security program that has decided to implement information security best practices should FIRST:
- invite an external consultant to create the security strategy.
- allocate budget based on best practices.
- benchmark similar organizations.
- define high-level business security requirements.
All four options are valid steps in the process of implementing information security best practices; however, defining high-level business security requirements should precede the others because the implementation should be based on those security requirements.