Which is a common pitfall when initiating a CSMS program?
Which is a common pitfall when initiating a CSMS program?
A common pitfall when initiating a Cyber Security Management System (CSMS) program is failing to relate the program to the mission of the organization. If the cyber security efforts are not aligned with the organization's goals and mission, it may lead to the program being misunderstood, misfunded, or misprioritized, ultimately rendering it ineffective. Ensuring that the CSMS program ties back to the core mission and objectives helps in securing buy-in from stakeholders and providing clear direction and purpose to the cyber security initiatives.
62443-2-1_B.3 - "A common pitfall is to attempt to initiate a CSMS program without at least a high-level rationale that relates cyber security to the specific organization and its mission." D. is a Pitfall when performing assessments.
See my previous answer.
Correct answer is B. Answer D, "Immediate jump into detailed risk assessment" is a pitfall of "High-Level risk assessment"
According to the ISA material, when initiating the CSMS program with initial/high level risk assessment the common pitfall is to immediately jump into detailed risk assessment
This is a pitfall during the High Level Risk Assessment. Answer is B.
Whats the correct answer? B or D?
We must select methodologies for identifying and prioritizing these risks and then execute those methodologies. We must identify them upfront and provide the structure for the rest of the risk assessment. We want to involve the stakeholders identified during the initiate step. The common pitfall here is to immediately jump into a detailed risk assessment. It's easy to do, especially with technical stakeholders. We have this shiny object syndrome that we tend to do, "Ooh, look at that. I'm going to go chase that for now. Ooh, look, I want to chase that for now." Avoid that shiny object syndrome, especially when you're doing the risk assessments. You get to see some cool things but you've got to stay focused and stay on track. IC32M page 190