To establish a meaningful roadmap for security investments, an information security manager must first gain a thorough understanding of the organization's operating processes. This foundational knowledge is essential for identifying the specific security needs, risks, and priorities of the organization. By understanding how the organization operates, the information security manager can align security investments with the actual needs and strategic objectives of the organization.
Before identifying any kind of investment needs, you need to understand the organization's processes to see what security gaps exist. Once you have identified investment needs, make sure to confirm that investments are in conjunction with the business objectives.
The correct answer is B. Gain a thorough understanding of the organization's operating processes. Before investing in security, an information security manager should understand the organization's operating processes, including the systems and technologies that support them, the data and information that flow through them, and the risks that may impact them. This will provide a foundation for identifying the most critical security needs and for developing a roadmap for security investments that align with the organization's objectives. Without this understanding, cost-benefit analyses, business cases, and strategic alignment may be misguided and ineffective.
Isn't understanding processes (current and desired, operational, management or technical) already done during the development of strategy? A roadmap is, as ISACA states, the plan/steps to implement strategy, more or less like a project delivery plan. The prioritization of resource utilization (investments in this case) should be based on the project objectives, in other words, strategic objectives. Since strategic objectives are aligned with business objectives... you can figure out the rest.
I think it should be B as you want to put the controls around the operating processes so you should understand them first. D. should be done later because you haven't yet identified the investments so you can ensure they are aligned (before you ID them). Two cents.
upvoted 1 times