MANAGERIAL MINDSET FRAMEWORK That I Follow for My ISC2 and ISACA Exams

1. P - Policy & Strategy Level
2. R - Risk-Based Decisions
3. O - Operational Impact
4. T - Technical Details (Last consideration)

For example:

A global organization experiences frequent system outages during patch deployments. The CISO needs to improve the patching process while minimizing business disruption. Which of the following approaches would BEST address this issue?

A. Implement automated patch deployment tools across all systems
B. Develop a risk-based patch management strategy with defined maintenance windows
C. Increase the frequency of patch deployments
D. Deploy redundant systems for failover during patching

ELIMINATION PROCESS:

Step 1: Apply Business-First Thinking
· Identify business impact (system outages, disruption)
· Consider strategic objectives (stability, availability)

Step 2: Eliminate Tactical/Technical-Only Solutions
· Eliminate A: Pure technical solution, no business consideration
· Eliminate C: Increases problem frequency, no strategic value

Step 3: Compare Remaining Options Through Risk Lens
· Option B: Strategic, risk-based, considers business impact
· Option D: Technical redundancy, costly, doesn't address root cause

Step 4: Select Best Management-Level Solution
· Choose B: Provides strategic framework, considers business needs, manages risk

WHY B IS CORRECT:
· Strategic approach
· Risk-based decision making
· Considers business operations
· Provides management framework
· Balances security with business needs

Remember:
· Always choose strategic over tactical
· Risk-based over technical-only
· Business impact over technical capability
· Long-term solution over quick fix

Created By: Prabh Nair (He/Him)
CISO for Day | Your Mentor for Life🏆 | Podcaster | CISSP-ISSAP | CGRC | CCSP | CSSLP | CISM | CRISC | CISA | CDPSE | CIPM | CIPP/E