A CISO is developing a new enterprise-wide security program. Which of the following approaches would BEST ensure alignment between the security function and the organization's business strategy?
Engage with business unit leaders to understand their strategic objectives before designing security controls
Implement industry standard security frameworks based on the organization's sector
Benchmark security practices against competitors in the same industry
Focus on deploying advanced technical security solutions that address current threats
The correct answer is to engage with business unit leaders to understand their strategic objectives before designing security controls. This approach ensures that the security program is directly tied to business needs and objectives from the beginning.
Starting with business engagement allows the Chief Information Security Officer (CISO) to understand what matters most to the organization, what risks are acceptable, and how security can enable rather than hinder business functions. This creates alignment between security and business strategy by design, rather than trying to retrofit security after the fact.
The other approaches have flaws:
Implementing industry standard frameworks without consideration for specific business needs may create unnecessary controls or miss critical business-specific risks.
Focusing on technical solutions first represents a bottom-up approach that may not address business priorities.
Benchmarking against competitors may provide useful insights, but it doesn't ensure alignment with your own organization's business strategy and objectives, which may differ from those of its peers.
ISC2 CISSP
Security and Risk Management