Your company decides to invest in solutions in the coming year to support salespeople as road warriors and boost sales. Laptops, mobile phones, VPN, wireless networks, and customer relationship management (CRM) systems are parts of the selected solution. As a CISO, which of the following is of least concern when developing a risk management strategy?
A. Foreign ownership, control, or influence over suppliers
B. Investment strategies
C. The impact of the solution upon business processes
D. Laws and regulations
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. The impact of the solution upon business processes.
Before the risk management program is enacted, a risk management strategy should be developed, which guides the risk management processes. A risk management strategy will typically consider the following issues:
- Trust relationships with vendors, providers, and partners, e.g., Foreign ownership, control, or influence (FOCI) over suppliers
- Investment strategies
- Applicable laws and regulations
“C. The impact of the solution upon business processes” is part of risk analysis, a process conducted after the risk management strategy has been developed.
Moreover, the risk management strategy is typically organization-wide and integrated into business processes. Considering the impact of a specific solution, or working only at the solution level, is too limited.