Exam CISM topic 1 question 552 discussion

Actual exam question from Isaca's CISM
Question #: 552
Topic #: 1

An information security manager is recommending an investment in a new security initiative to address recently published threats. Which of the following is MOST important to include in the business case?

  • A. Alignment with the approved IT strategy
  • B. Potential impact of threat realization
  • C. Availability of resources to implement the initiative
  • D. Peer group threat intelligence report
Suggested Answer: B

Comments

yottabyte
10 months ago
Selected Answer: B
If the threat is big enough to realign the strategy, then it should be realigned. Potential impact of threat realization seems to be the correct choice here. For example, until ten years ago, there were no ransomware attacks, and when it was realized, a lot of companies had to re-evaluate and re-align their security strategies.
upvoted 4 times
AlexJacobson
12 months ago
Selected Answer: B
I'm gonna go ahead and select B here, since A does not say "business strategy" or "information security strategy", but "IT strategy" alignment. So I feel explaining the impact of threat realization is more important than IT strategy. Information security strategy informs IT strategy, not the other way around.
upvoted 1 times
AlexJacobson
12 months ago
Also, the question does not specify the nature and the type of the new threats, and also just says "security initiative", which doesn't necessarily mean it's technical or IT related.
upvoted 1 times
Marcovic00
1 year, 2 months ago
Selected Answer: A
Since you're doing something new or including a new control, it has to be aligned with the strategy. Of course, this is how senior management will even hear you out.
upvoted 1 times
oluchecpoint
1 year, 4 months ago
Selected Answer: B
B. Potential impact of threat realization. While all of the options listed are relevant and important, assessing the potential impact of threat realization should take precedence. Understanding the potential consequences and harm that can result from these threats is essential for making a strong business case for security investments. This information helps the organization assess the risk and prioritize security initiatives effectively. It allows decision-makers to weigh the potential costs and damages associated with not addressing the threats against the investment required for mitigation. Ultimately, the potential impact of threat realization is a critical factor in demonstrating the urgency and necessity of the security initiative.
upvoted 2 times
Vesta1807
1 year, 5 months ago
Selected Answer: A
The strategic context that demonstrates the need for the initiative and how the investment aligns with the organization’s broader strategic goals
upvoted 1 times
richck102
1 year, 6 months ago
B. Potential impact of threat realization
upvoted 4 times
ddharia94
1 year, 7 months ago
Selected Answer: A
I would go with A
upvoted 1 times
chanke
1 year, 6 months ago
Not all security issues are related to IT purposes.
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted