Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam CISM topic 1 question 30 discussion

Actual exam question from Isaca's CISM
Question #: 30
Topic #: 1
[All CISM Questions]

What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

  • A. Calculate the total cost of ownership (TCO).
  • B. Define the issues to be addressed.
  • C. Perform a cost-benefit analysis.
  • D. Conduct a feasibility study.
Show Suggested Answer Hide Answer
Suggested Answer: C ūüó≥ÔłŹ

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
usercism007
1 month ago
Selected Answer: B The first step is "Define the issues to be addressed." when developing a business case for a new intrusion detection system (IDS) solution
upvoted 1 times
...
shervin2s
4 months, 3 weeks ago
Selected Answer: B
Before delving into financial considerations such as calculating the total cost of ownership (TCO), performing a cost-benefit analysis, or conducting a feasibility study, it's crucial to clearly define the issues that the intrusion detection system (IDS) solution is intended to address.
upvoted 2 times
...
Grantolio
4 months, 3 weeks ago
Selected Answer: B
The text book says the first this is describing the problem. Sounds like B. From the CISM Exam Guide, Second Edition, P. Gregory, pg 89: Developing a Business Case Many organizations require the development of a business case prior to approving expenditures on significant security initiatives. A business case is a written statement that describes the initiative and describes its business benefits.<...> The typical elements found in a business case include the following: ‚ÄĘ Problem statement This is a description of the business condition or situation that the initiative is designed to solve. The condition may be a matter of compliance, a finding in a risk assessment, or a capability required by a customer, partner, supplier, or regulator.
upvoted 1 times
...
oluchecpoint
5 months, 3 weeks ago
Selected Answer: B
Option B
upvoted 1 times
...
Bankie_72
6 months, 3 weeks ago
C is the correct answer because anytime a business case is being developed, cost benefit analysis is a key component of its development, irrespective of what the business case is used for and especially when dealing with senior stakeholders.
upvoted 1 times
Marcelus1714
5 months, 1 week ago
It says "the FIRST" thing, not the most important. If you do not have clear what issues you gonna address... how you can do a cost-benefit analysis...??
upvoted 2 times
...
...
peelu
7 months, 2 weeks ago
Selected Answer: B
Define the issues or challenges
upvoted 1 times
...
POWNED
8 months ago
Selected Answer: B
1. Clearly define the problem 2. Follow an order 3. Possible benefits and reason 4. The final results
upvoted 1 times
...
Viperhunter
8 months, 1 week ago
Selected Answer: B
Before delving into financial calculations or feasibility studies, it's crucial to clearly identify and define the issues or challenges that the organization is seeking to address with the new IDS solution. Understanding the specific security needs and concerns provides a foundation for developing a comprehensive business case. This step helps in articulating the objectives, benefits, and requirements associated with the proposed solution. While calculating the total cost of ownership (TCO) (option A), performing a cost-benefit analysis (option C), and conducting a feasibility study (option D) are important components of the business case development process, defining the issues to be addressed is the initial step that sets the direction for the rest of the analysis.
upvoted 2 times
...
Jess20
8 months, 2 weeks ago
Selected Answer: B
B. Define the issues to be addressed. Most Voted
upvoted 1 times
...
Learner76
8 months, 2 weeks ago
I am leaning towards B but the answer is C and I think it is because 1) It is a business case - Cost 2) IDS was mentioned. Meaning the technology are already chosen because they know what is the issue Therefore it is a cost benefit stage. Therefore C
upvoted 2 times
...
Manix
9 months, 1 week ago
Selected Answer: C
Implementing IDS imply that issues are already known. So it's C.
upvoted 2 times
...
Agamennore
11 months ago
Selected Answer: B
It’B. First step define the objective and know what to do
upvoted 1 times
...
Ridenar
11 months, 2 weeks ago
B know what problems you are trying to solve
upvoted 1 times
...
Azurefox79
11 months, 3 weeks ago
Selected Answer: B
Cant perform a CBA is you dont know what is being addressed.
upvoted 1 times
...
Patt70
1 year ago
Answer is B - I agree with Broesweelies's comment.
upvoted 1 times
...
JKatta2023
1 year, 1 month ago
B and C are very close. If you don't have issues, why would you look to address them. When you start to address, you do cost benefit analysis to see if it is worth spending the amount to solve the issues. I would like to know why C is the answer.
upvoted 2 times
...
richck102
1 year, 2 months ago
B. Define the issues to be addressed.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
ex Want to SAVE BIG on Certification Exam Prep?
close
ex Unlock All Exams with ExamTopics Pro 75% Off
  • arrow Choose From 1000+ Exams
  • arrow Access to 10 Exams per Month
  • arrow PDF Format Available
  • arrow Inline Discussions
  • arrow No Captcha/Robot Checks
Limited Time Offer
Ends in