Implementing a Zero Trust architecture requires alignment with business objectives to ensure that security measures support enterprise goals. The CGEIT Review Manual 8th Edition emphasizes that strategic initiatives, including security architectures, must start with a clear understanding of business goals to ensure relevance and value.
Extract from CGEIT Review Manual 8th Edition (Domain 3: Risk Optimization): "Security initiatives, such as the adoption of new architectures like Zero Trust, must begin with an understanding of business goals and objectives. Refining relevant business goals ensures that security measures are aligned with enterprise priorities and deliver value." (Approximate reference: Domain 3, Section on Security Strategy Alignment)
Refining relevant business goals (option A) ensures that the Zero Trust implementation focuses on protecting critical assets and processes that are most important to the business, setting the stage for subsequent technical and operational decisions.
Why not the other options?
B. Limiting the number of privileged accounts: This is a tactical measure within Zero Trust but not the first consideration, as it depends on understanding business priorities.
C. Selecting a security framework that is relevant to the business: Framework selection follows the definition of business goals, as the framework must support those goals.
D. Defining security projects to address identified control gaps: Projects are defined after identifying business goals and assessing current controls.
References:
ISACA CGEIT Review Manual 8th Edition, Domain 3: Risk Optimization, Section on Security Strategy and Alignment.
ISACA CGEIT Study Guide, Chapter on Security Governance.