Exam CISM topic 1 question 306 discussion

Actual exam question from ISACA's CISM
Question #: 306
Topic #: 1

Senior management has launched an enterprise-wide initiative to streamline internal processes to reduce costs, including security processes. What should the information security manager rely on MOST to allocate resources efficiently?

  • A. Capability maturity assessment
  • B. Risk classification
  • C. Return on investment (ROI)
  • D. Internal audit reports
Suggested Answer: B

Comments

dark_3k03r
Highly Voted 1 year, 7 months ago
Selected Answer: B
The correct answer is B: Risk Classification. The reason is that B is the only one that allows you to effectively compare resources against another using a standardized set of criteria. Rationale: A. Capability maturity assessment can be used to identify areas where the organization needs to improve its security posture, but it does not provide information on the relative importance of different risks. C. Return on investment (ROI) is a financial instrument used to justify the purchase of something but says nothing about the relative risks and how to address them. D. Internal audit reports provide the findings, but do not provide for prioritization of risk.
upvoted 8 times
...
e891cd1
Most Recent 5 months, 3 weeks ago
B. The security manager's job is to reduce or mitigate risk to an acceptable level, so focusing on risk classification aligns perfectly with that. I would choose 'A' before I chose 'C' since CMM allows the re-engineering of processes for efficiency and completeness.
upvoted 1 times
...
yottabyte
8 months ago
Selected Answer: B
B is the no-brainer choice here!
upvoted 1 times
...
AlexJacobson
9 months, 4 weeks ago
Selected Answer: B
I think it's B. Just think what your job is - are you going to potentially compromise security just because ROI for a certain security tool is not optimal, and disregard the risk and criticality level of an asset?
upvoted 1 times
...
Soleandheel
12 months ago
Because it is initiated by senior management, the best answer here is C. Return on investment (ROI). Senior management always focuses on the big picture and as such it will serve the Security manager well to focus on ROI.
upvoted 1 times
...
oluchecpoint
1 year, 2 months ago
B. Risk classification. As CISM personnel, I will analyse the risk first before looking into ROI.
upvoted 1 times
...
Hugo1717
1 year, 2 months ago
Selected Answer: C
C. Return on investment (ROI): When resources are being allocated to streamline processes and reduce costs, it's crucial to determine the potential return on investment for each proposed action. ROI helps evaluate the cost-effectiveness of initiatives and ensures that resources are directed toward activities that deliver the greatest value in terms of reduced costs and improved efficiencies.
upvoted 1 times
...
chanke
1 year, 5 months ago
Selected Answer: B
Risk Classifications are the most accurate answer.
upvoted 2 times
...
richck102
1 year, 5 months ago
B. Risk classification
upvoted 3 times
...
baranikumar_v
1 year, 10 months ago
C. Return on Investment (ROI) of the security tools
upvoted 1 times
...
aokisan
1 year, 11 months ago
Selected Answer: C
For reduction of cost, ROI should be chosen.
upvoted 3 times
[Removed]
1 year, 4 months ago
ROI is not the job of Information Security.
upvoted 1 times
Raven89
3 weeks ago
Yes it is, read the official ISACA manual instead of using ChatGPT.
upvoted 1 times
...
...
...
mohit05
1 year, 11 months ago
Selected Answer: C
I guess it could be C
upvoted 2 times
...