Which of the following is an objective of Implementation Phase 3 - Where Do We Want to Be?
Correct Answer: C
This is an objective of Implementation Phase 3: Where Do We Want to Be?, because it involves defining the desired state of the enterprise's governance and management system, based on the stakeholder needs, drivers, and scope12. This objective also includes developing a business case that provides the rationale and justification for the improvement program, and a high-level program plan that outlines the scope, objectives, approach, and resources of the program3 . References: 1: COBIT 2019 Implementation Guide 2: COBIT 2019 Implementation - ISACA 3: Business Case Development - ISACA : How to Write a Business Case for Cybersecurity Projects | Infosec
NIST-COBIT-2019 Exam Question 17
During CSF implementation, when is an information security manager MOST likely to identify key enterprise and supporting alignment goals as previously understood?
Correct Answer: B
This CSF step corresponds to the COBIT objective of knowledge and understanding of enterprise goals, because it involves identifying the business drivers, mission, objectives, and risk appetite of the organization, as well as the scope and boundaries of the cybersecurity program12. This step helps to ensure that the cybersecurity activities and outcomes are aligned with the enterprise goals and strategy34. References: 1: Cybersecurity Framework Components | NIST 2: Implementing the NIST Cybersecurity Framework Using COBIT 2019 | ISACA 3: COBIT 2019 Design and Implementation COBIT Implementation 4: COBIT 2019 Foundation | Skillsoft Global Knowledge
