Exam CISSP topic 1 question 56 discussion

HR would be the only people to initiate a request, surely?

A is correct. Operation as a process owner should give requirement to IT. HR is responsible for access control provision not business process provision.

It is always HR which initiates the provisioning. HR is responsible for ensuring that new employees have the necessary access and resources to perform their job functions, which includes initiating requests for system access, equipment, and other provisions. Operations might do it but not initiate.

In mot companies there is no Operations department, this is a canned CISSP answer and this is the answer they want for the test, so this is the answer we must use. It does not apply to the real world.

This is an example of a badly worded question because there is no context of what a business process could be in reference to; examples of business process could be (not limited to): Onboarding/Offboarding employees (HR) Budget allocation/Procurement (Finance) Marketing campaigns (Marketing) Strategic Planning (Management) Hardware and Software Procurement, enhancements, updates, adaptation (IT) Incident response, Vulnerability management, Security awareness training (Security)

C. Human resources (HR) The Human Resources (HR) department typically initiates the request, approval, and provisioning business process for tasks related to employee onboarding, offboarding, access requests, and other personnel-related activities. This process involves requesting access to systems, applications, and resources for new hires or making changes to existing employees' access levels. After HR initiates the request, it is often passed on to the IT department for further action.

A is correct folks are amazing who is answering C lol.

HR is the home office for all operations approvals and requests. Even CEO need to run things through HR for legal purposes.

to me, this answer should be C, why? maybe because i understand the following, in my company the power is withing the HR department, any Process that need to be implemented, must start , regardless who sign it for governing the process even if it is me, if the HR VP say no, i say no. so i really think this is a gray area question. it is important to note, it depend on the organization, or the bylaws of the company, however, never ever run a business from an IT perspective, you will brake your company, business has needs, IT is a service provided, they align systems with business needs. this is a golden rule every one keep it in mind.

Information technology (IT). In the modern business world, IT departments are typically responsible for initiating, approving, and provisioning business processes. IT departments manage a company's technology resources, such as hardware, software, networks, and data systems. They use these resources to streamline and automate business processes, including requesting, approving, and provisioning. Additionally, IT departments are often responsible for ensuring that the right people have access to the right resources and that the resources are secure. Resources: - https://www.techopedia.com/definition/25515/business-process-automation - https://www.globalknowledge.com/us-en/content/what-is-it-department/

Initiate, start the process. I would say Operations is the best answer. HR may be an approver and provisioner but the main initiator imo

Answer is C

Operations. We are talking within an enterprise Cyber environment. HR does not create change requests, nor any other part of that process.

It should be more than 1 answer. It mentions which departments.... This makes sense as the change management must involve more than 1 department

Would be HR - consider an example of the resource fulfilment process as an example

This is a BUSINESS process

Operations - not, this would be HR. If operation were in control of this, who knows how compromised the network would be.