Certified Information Security Manager (CISM) — Question 17

What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

Answer options

• A. Calculate the total cost of ownership (TCO).
• B. Define the issues to be addressed.
• C. Perform a cost-benefit analysis.
• D. Conduct a feasibility study.

Correct answer: B

Explanation

The first step in developing a business case should be to define the issues to be addressed, as this provides a clear understanding of the requirements and justifications needed for the IDS. The other options, such as calculating TCO or performing a cost-benefit analysis, are important steps but can only be accurately completed once the issues have been identified.