Exam CISM topic 1 question 30 discussion

C - Issue is already known - exec team need a CBA.

C- Because from the question, the issue has been identified already and to make a business case for a business case for a new intrusion detection system (IDS) solution the CBA is really necessary to be established.

C cost-benefit analysis, because costs include issues (thematized in option B) and benefits, thereby providing a comprehensive foundation for decision making.

First you need the scope or you cant calculate expenses

Selected Answer: B The first step is "Define the issues to be addressed." when developing a business case for a new intrusion detection system (IDS) solution

Before delving into financial considerations such as calculating the total cost of ownership (TCO), performing a cost-benefit analysis, or conducting a feasibility study, it's crucial to clearly define the issues that the intrusion detection system (IDS) solution is intended to address.

The text book says the first this is describing the problem. Sounds like B. From the CISM Exam Guide, Second Edition, P. Gregory, pg 89: Developing a Business Case Many organizations require the development of a business case prior to approving expenditures on significant security initiatives. A business case is a written statement that describes the initiative and describes its business benefits.<...> The typical elements found in a business case include the following: • Problem statement This is a description of the business condition or situation that the initiative is designed to solve. The condition may be a matter of compliance, a finding in a risk assessment, or a capability required by a customer, partner, supplier, or regulator.

Option B

C is the correct answer because anytime a business case is being developed, cost benefit analysis is a key component of its development, irrespective of what the business case is used for and especially when dealing with senior stakeholders.

Define the issues or challenges

1. Clearly define the problem 2. Follow an order 3. Possible benefits and reason 4. The final results

Before delving into financial calculations or feasibility studies, it's crucial to clearly identify and define the issues or challenges that the organization is seeking to address with the new IDS solution. Understanding the specific security needs and concerns provides a foundation for developing a comprehensive business case. This step helps in articulating the objectives, benefits, and requirements associated with the proposed solution. While calculating the total cost of ownership (TCO) (option A), performing a cost-benefit analysis (option C), and conducting a feasibility study (option D) are important components of the business case development process, defining the issues to be addressed is the initial step that sets the direction for the rest of the analysis.

B. Define the issues to be addressed. Most Voted

I am leaning towards B but the answer is C and I think it is because 1) It is a business case - Cost 2) IDS was mentioned. Meaning the technology are already chosen because they know what is the issue Therefore it is a cost benefit stage. Therefore C

Implementing IDS imply that issues are already known. So it's C.

It’B. First step define the objective and know what to do

B know what problems you are trying to solve