CISSP Question #543: Real Exam Question with Answer & Explanation

The correct answer is A: Assess business risk and apply security resources accordingly.

Submitted by layla.eg · Mar 5, 2026 · Security and Risk Management

Question

As a security manager, which of the following is the MOST effective practice for providing value to an organization?

Options

  • A. Assess business risk and apply security resources accordingly
  • B. Coordinate security implementations with internal audit
  • C. Achieve compliance regardless of related technical issues
  • D. Identify confidential information and protect it

Explanation

Assessing business risk and applying security resources accordingly is the most effective practice for providing value to an organization as a security manager. Business risk is the potential for loss or harm to the organization's assets, reputation, or objectives due to internal or external threats. Security resources are the people, processes, and technologies that are used to protect the organization's information and systems. By assessing the business risk, the security manager can identify and prioritize the most critical and likely threats and vulnerabilities, and align the security resources with the organization's goals and needs. This way, the security manager can provide value by optimizing the security performance, reducing the security costs, and enhancing the business outcomes.

Topics

#risk management #business alignment #security strategy #resource allocation
