Which of the following is the MOST important requirement for setting up an information security
infrastructure for a new system?
A.
Performing a business impact analysis (BIA)
B.
Considering personal information devices as pan of the security policy
C.
Initiating IT security training and familiarization
D.
Basing the information security infrastructure on risk assessment
Explanation:
The information security infrastructure should be based on risk. While considering personal
information devices as part of the security policy may be a consideration, it is not the most
important requirement. A BIA is typically carried out to prioritize business processes as part of a
business continuity plan. Initiating IT security training may not be important for the purpose of the
information security infrastructure.