Gathering business requirements can aid the organization in determining all of this information about organizational assets, except:
Gathering business requirements can aid the organization in determining all of this information about organizational assets, except:
Gathering business requirements involves identifying and documenting the criticality and value of organizational assets to ensure they meet business objectives. It also involves determining how these assets will be used to complete a full inventory. However, this does not necessarily include gathering information about each asset's usefulness, as usefulness is often a subjective measure that depends on various external factors beyond the basic inventory, criticality, and value assessments. A full inventory depends on specific data collection processes rather than just business requirements.
I feel that this is a really awkward question. I thought the answer is A. Surely the usefullness is derived from the value.
I recall a similar question in the OSG question bank also stating usefullness cannot be gathered from this, also thought that was weird but it must be what ISC2 is looking for.
I believe what determines the criticality of an asset is its usefulness. Consider reviewing the question for clarity.
It's usefulness. In taking CISM, CISSP, and other security exams, business requirements would involve criticality and value as part of a risk assessment, which is needed. The question notes about determining information, so that would involve full inventory. Usefulness does not help because if that's all the information that I have about the product, I truly do not know where it fits into the organization. A pencil maybe useful because it writes, but what if the organization does not need a pencil and uses only computers?
D: Usefulness
Gathering business requirements helps an organization determine the criticality, value, and usefulness of assets. However, it does not directly result in a full inventory of assets. A comprehensive asset inventory is typically built through asset management or IT configuration management processes, not solely from business requirements gathering. Why Not the Others? B. Criticality → Business requirements help determine which assets are critical for operations and continuity. C. Value → Business requirements aid in assessing the financial or strategic value of assets. D. Usefulness → Business requirements identify how an asset contributes to business operations and objectives.