When determining how to protect an organization's information assets, the first consideration should be the organization's business model, because:
Contextual Risk Management: The business model dictates the types of data the organization processes, stores, and transmits, and therefore the threats and risks that matter.
Critical Asset Identification: Understanding how the business operates makes it possible to identify and prioritize mission-critical systems and data.
Security Strategy Alignment: It ensures that security measures align with business objectives and requirements rather than being applied generically.
Regulatory Compliance: Different industries have unique compliance needs (e.g., healthcare vs. finance), and the business model determines which apply.
Other options analysis:
A. Prioritized inventory: Important, but less foundational; an inventory can only be prioritized once the business context is understood.
C. Vulnerability assessments: Relevant later, after critical business functions and assets have been identified.
D. Risk reporting: Informs decisions but does not form the primary basis for a protection strategy.
CCOA Official Review Manual, 1st Edition References:
Chapter 2: Risk Management and Business Impact: Emphasizes considering business objectives before implementing security controls.
Chapter 5: Strategic Security Planning: Discusses aligning security practices with business models.