According to ISACA, following a risk assessment, the next step after new countermeasures have been approved by management should be to develop an implementation strategy. This includes planning and coordinating the implementation of the countermeasures, and identifying any potential roadblocks or issues that may arise during the implementation process. This step is crucial to ensure that the implementation is successful and that the countermeasures are put in place in an efficient and effective manner. Once the implementation strategy is developed, schedule the target end date for implementation activities, budget the total cost of implementation activities, and calculate the cost for each countermeasure can be done.
B, "Develop an implementation strategy," should be performed next.
The correct sequence of actions might be:
Develop an implementation strategy (B)
Budget the total cost of implementation activities (C)
Calculate the cost for each countermeasure (D)
Schedule the target end date for implementation activities (A)
Never assume that the company missed a step. ISACA would never do this to you. If management approved that means we can surmise that every step before approval was completed. This makes the obvious answer B.
One advice that a person who passed the exam with close to 800 points (which is max number of points possible) gave me is to never assume and infer stuff that aren't there. Everything you need to answer the question is in the question itself, you only need to read it carefully.
B, "Develop an implementation strategy," should be performed next.
The correct sequence of actions might be:
Develop an implementation strategy (B)
Budget the total cost of implementation activities (C)
Calculate the cost for each countermeasure (D)
Schedule the target end date for implementation activities (A)
Approval of countermeasures by the management needs the prior calculation of the cost of each countermeasure and budgeting. Developing an implementation strategy is a preamble to scheduling the implementation activities. So B is the good response.
That's what I was thinking as well. If ISACA is focused on cost, approving a countermeasure without knowing the cost impact to the org. The question leaves room for assumptions to be made.
upvoted 1 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Broesweelies
Highly Voted 1 year, 10 months agoRagazzoAlex
Most Recent 4 months agooluchecpoint
9 months, 3 weeks agoPOWNED
12 months agoAlexJacobson
10 months agooluchecpoint
1 year, 2 months agoAgamennore
1 year, 2 months agotodush
1 year, 3 months agokaranvp
1 year, 5 months agowello
1 year, 5 months agorichck102
1 year, 5 months agomeelaan
1 year, 8 months agojaiz
1 year, 8 months agoDelTrotter
1 year, 11 months agoZiggybooboo
1 year, 11 months agoZeeM12
1 year, 9 months ago