Exam CISM topic 1 question 128 discussion

Going on B boys

Select Answer: A Why the question is the MOST important reason and option A is right. If you see option B is talks about the Objective/Goal.

B. This approach helps in making informed decisions about which security controls to implement, prioritizing them based on their alignment with business goals, and justifying the allocation of resources to security activities in a way that makes sense for the organization as a whole.

Going to have to go with A for this one and this is why. Lots of the CISM questions revolve around stakeholders and costs. B seems like a throw off answer for test takers that do not know what they are talking about, never have I ever seen "ensure that benefits are aligned with business strategies" when talking about a cost benefit analysis, and this is coming from someone who has the Project+ certification. Again this test leans heavily on stakeholders and cost keep this in mind for future questions.

if the control is not aligned with business strategies we don't really care if it costs more than the asset value..

B. This approach helps in making informed decisions about which security controls to implement, prioritizing them based on their alignment with business goals, and justifying the allocation of resources to security activities in a way that makes sense for the organization as a whole.

A seems relevant.

B. To ensure that benefits are aligned with business strategies

B. To ensure that benefits are aligned with business strategies

Performing a cost-benefit analysis helps to determine whether the cost of implementing a security control is justified by the benefits that it provides. By analyzing the potential costs and benefits of a control, an organization can ensure that the mitigation effort does not exceed the value of the asset being protected. This allows for a more efficient use of resources and helps to prioritize the implementation of security controls based on their expected impact.

Answer B: The MOST important reason for performing a cost-benefit analysis when implementing a security control is to ensure that benefits are aligned with business strategies. By conducting a cost-benefit analysis, the information security manager can evaluate the potential benefits of a security control against the costs of implementation and maintenance. This enables the manager to identify controls that provide the best return on investment and align with the organization's overall business strategies. It also helps in prioritizing security controls and making informed decisions about which security measures to implement.

Answer B: The MOST important reason for performing a cost-benefit analysis when implementing a security control is to ensure that benefits are aligned with business strategies. By conducting a cost-benefit analysis, the information security manager can evaluate the potential benefits of a security control against the costs of implementation and maintenance. This enables the manager to identify controls that provide the best return on investment and align with the organization's overall business strategies. It also helps in prioritizing security controls and making informed decisions about which security measures to implement.