Certified Information Security Manager (CISM) Exam: First Goals for New Information Security Managers


Question

When an organization hires a new information security manager, which of the following goals should this individual pursue FIRST?

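Answers

A. Develop a security architecture
B. Establish good communication with steering committee members
C. Assemble an experienced staff
D. Benchmark peer organizations

Explanations

Correct answer: B.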

New information security managers should seek to build rapport and establish lines of communication with senior management to enlist their support.

Benchmarking peer organizations is beneficial to better understand industry best practices, but it is secondary to obtaining senior management support.

Similarly, developing a security architecture and assembling an experienced staff are objectives that can be achieved later.

When a new information security manager is hired, the FIRST goal they should pursue depends on the specific situation of the organization. However, as a general guideline, the following explanation can be helpful in choosing the right option from the given choices:

A. Develop a security architecture: Developing a security architecture is an important goal for any information security manager, but it may not be the FIRST goal to pursue. It requires a good understanding of the organization's current security infrastructure and future needs, which may take some time to acquire. Therefore, this option may not be the best starting point for a new security manager.

B. Establish good communication with steering committee members: Establishing good communication with steering committee members is an important first step for a new information security manager. The steering committee usually comprises top-level executives who have the power to allocate resources and approve security initiatives. By building a good relationship with them, the security manager can gain their trust and support, which is essential for implementing effective security programs.

C. Assemble an experienced staff: Assembling an experienced staff is important for the long-term success of the security program. However, it may not be the FIRST goal to pursue because recruiting and hiring experienced security professionals can be a time-consuming process. Instead, the security manager can start by assessing the existing staff's skills and identifying gaps that need to be filled.

D. Benchmark peer organizations: Benchmarking peer organizations can provide valuable insights into best practices and industry standards. However, it may not be the FIRST goal to pursue because it can be a time-consuming process, and the results may not be directly applicable to the organization's unique needs.

In conclusion, establishing good communication with steering committee members is the best FIRST goal for a new information security manager because it can help build support and provide a foundation for future initiatives.