CISM Exam - Question 30

B and C are very close. If you don't have issues, why would you look to address them. When you start to address, you do cost benefit analysis to see if it is worth spending the amount to solve the issues. I would like to know why C is the answer.

Implementing IDS imply that issues are already known. So it's C.

I am leaning towards B but the answer is C and I think it is because 1) It is a business case - Cost 2) IDS was mentioned. Meaning the technology are already chosen because they know what is the issue Therefore it is a cost benefit stage. Therefore C

Before delving into financial calculations or feasibility studies, it's crucial to clearly identify and define the issues or challenges that the organization is seeking to address with the new IDS solution. Understanding the specific security needs and concerns provides a foundation for developing a comprehensive business case. This step helps in articulating the objectives, benefits, and requirements associated with the proposed solution. While calculating the total cost of ownership (TCO) (option A), performing a cost-benefit analysis (option C), and conducting a feasibility study (option D) are important components of the business case development process, defining the issues to be addressed is the initial step that sets the direction for the rest of the analysis.

Before delving into financial considerations such as calculating the total cost of ownership (TCO), performing a cost-benefit analysis, or conducting a feasibility study, it's crucial to clearly define the issues that the intrusion detection system (IDS) solution is intended to address.

B. Define the issues to be addressed.

Answer is B - I agree with Broesweelies's comment.

Cant perform a CBA is you dont know what is being addressed.

B know what problems you are trying to solve

It’B. First step define the objective and know what to do

B. Define the issues to be addressed. Most Voted

1. Clearly define the problem 2. Follow an order 3. Possible benefits and reason 4. The final results

Define the issues or challenges

C is the correct answer because anytime a business case is being developed, cost benefit analysis is a key component of its development, irrespective of what the business case is used for and especially when dealing with senior stakeholders.

Option B

The text book says the first this is describing the problem. Sounds like B. From the CISM Exam Guide, Second Edition, P. Gregory, pg 89: Developing a Business Case Many organizations require the development of a business case prior to approving expenditures on significant security initiatives. A business case is a written statement that describes the initiative and describes its business benefits.<...> The typical elements found in a business case include the following: • Problem statement This is a description of the business condition or situation that the initiative is designed to solve. The condition may be a matter of compliance, a finding in a risk assessment, or a capability required by a customer, partner, supplier, or regulator.

Selected Answer: B The first step is "Define the issues to be addressed." when developing a business case for a new intrusion detection system (IDS) solution