Which of the following is the MOST important element of an information security strategy?
A.
Defined objectives
B.
Time frames for delivery
C.
Adoption of a control framework
D.
Complete policies
Explanation:
Without defined objectives, a strategy—the plan to achieve objectives—cannot be developed.
Time frames for delivery are important but not critical for inclusion in the strategy document.
Similarly, the adoption of a control framework is not critical to having a successful information
security strategy. Policies are developed subsequent to, and as a part of, implementing a strategy.