MANAGERIAL MINDSET FRAMEWORK that I follow for my ISC2 and ISACA exams
1. P - Policy & Strategy Level
2. R - Risk-Based Decisions
3. O - Operational Impact
4. T - Technical Details (Last consideration)
For example:
A global organization experiences frequent system outages during patch deployments. The CISO needs to improve the patching process while minimizing business disruption. Which of the following approaches would BEST address this issue?
A. Implement automated patch deployment tools across all systems.
B. Develop a risk-based patch management strategy with defined maintenance windows.
C. Increase the frequency of patch deployments.
D. Deploy redundant systems for failover during patching.
ELIMINATION PROCESS:
Step 1: Apply Business-First Thinking
· Identify business impact (system outages, disruption)
· Consider strategic objectives (stability, availability)
Step 2: Eliminate Tactical/Technical-Only Solutions
· Eliminate A: Pure technical solution, no business consideration
· Eliminate C: Increases problem frequency, no strategic value
Step 3: Compare Remaining Options Through Risk Lens
· Option B: Strategic, risk-based, considers business impact
· Option D: Technical redundancy, costly, doesn't address root cause
Step 4: Select Best Management-Level Solution
· Choose B: Provides strategic framework, considers business needs, manages risk
WHY B IS CORRECT:
· Strategic approach
· Risk-based decision making
· Considers business operations
· Provides management framework
· Balances security with business needs
Remember:
· Always choose strategic over tactical
· Risk-based over technical-only
· Business impact over technical capability
· Long-term solution over quick fix
Created By:
CISO for Day | Your Mentor for Life🏆 | Podcaster | CISSP-ISSAP| CGRC| CCSP | CSSLP | CISM | CRISC | CISA | CDPSE | CIPM | CIPP/E