Which of the following is CRITICAL for the success of CSF Step 6: Determine, Analyze and Prioritize Gaps?
Correct Answer: C
A clear understanding of the likelihood and impact of cybersecurity events is critical for the success of CSF Step 6, as it helps to prioritize the gaps and actions based on the risk assessment and the cost-benefit analysis of the proposed solutions12. References7 Steps to Implement & Improve Cybersecurity with NISTNIST CSF: The seven-step cybersecurity framework process
Question 17
Which of the following is an objective of Implementation Phase 3 - Where Do We Want to Be?
Correct Answer: C
This is an objective of Implementation Phase 3: Where Do We Want to Be?, because it involves defining the desired state of the enterprise's governance and management system, based on the stakeholder needs, drivers, and scope12. This objective also includes developing a business case that provides the rationale and justification for the improvement program, and a high-level program plan that outlines the scope, objectives, approach, and resources of the program3 . References: 1: COBIT 2019 Implementation Guide 2: COBIT 2019 Implementation - ISACA 3: Business Case Development - ISACA : How to Write a Business Case for Cybersecurity Projects | Infosec
