Which of the following is an information security manager's BEST course of action upon discovering an organization with budget constraints lacks several important security capabilities?
A.
Suggest the deployment of open-source security tools to mitigate identified risks.
B.
Establish a business case to demonstrate return on investment (ROI) of a security tool.
C.
Recommend that the organization avoid the most severe risks.
D.
Review the most recent audit report and request funding to address the most serious finding.
A. If there is a budget constraint and the organization lacks SEVERAL security capabilities, then the BEST solution is to find a cost effective method to provide those capabilities.
It's D. When having budget constraints you deal with the most critical stuff first, and then see what budget remains for the rest. And where do you get most objective information on what is the most critical? In an audit report.
B.
when an organization has budget constraints and lacks critical security capabilities, the information security manager should focus on creating a compelling business case that demonstrates the tangible benefits and return on investment of the needed security tool or capability. This approach is more likely to secure the necessary funding and support from the organization's leadership.
If there is a budget constraint then establishing a case for an ROI is just wasting managements time. The best solution would be to implement open source security tools and then if risks are still severe to the organization then possibly establish a business case for tools. Management would appreciate this effort way more. Therefore I’m going with A.
B. Establish a business case to demonstrate return on investment (ROI) of a security tool.
Explanation: When an organization with budget constraints lacks several important security capabilities, the best course of action for an information security manager is to establish a business case to demonstrate the return on investment (ROI) of a security tool.
Going with A - as all the other solutions just address one single tool. The best course of action for an information security manager upon discovering an organization with budget constraints lacks several important security capabilities is to suggest the deployment of open-source security tools to mitigate identified risks. Open-source security tools are often free or low-cost, and they can be a valuable way to improve an organization's security posture without breaking the bank.
if the question asked for FIRST course of action, I'd go with B but the question asked for BEST course of action so I agree with A
upvoted 1 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ATT5832
1 month, 1 week agoyottabyte
7 months, 3 weeks agoAlexJacobson
10 months agoSalilgen
9 months agooluchecpoint
1 year, 2 months agoGoseu
1 year, 3 months agojennarink13
1 year, 4 months ago45
1 year, 5 months ago[Removed]
1 year, 4 months agoJae_kes
1 year, 5 months agorichck102
1 year, 5 months agosedardna
1 year, 5 months agoGr3yGh0sT
1 year, 6 months agoaws_newbie
9 months ago