Certified Chief Information Security Officer (CCISO) — Question 44

When selecting a security solution with reoccurring maintenance costs after the first year

Answer options

• A. Implement the solution and ask for the increased operating cost budget when it is time
• B. Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution's continued use
• C. Defer selection until the market improves and cash flow is positive
• D. The CISO should cut other essential programs to ensure the new solution's continued use

Correct answer: B

Explanation

Option B is correct because communicating future costs to the CIO/CFO ensures there is a plan in place for ongoing funding, which is essential for the solution's sustainability. Option A is risky as it relies on last-minute budget requests, while option C delays the decision unnecessarily, and option D jeopardizes other vital programs for a single solution.