LOGBOOK

HELP

Quiz Entry - updated: 2026.06.23

The learning statements summarize cybersecurity as a "business, governance, and resilience" topic, not just a technical one. What is the practical significance of that framing?

It means security decisions must be justified in business terms — value, risk, and resilience — so they connect to organizational goals, win executive support, and survive budget scrutiny.

A purely technical framing ("we need this firewall") loses arguments at board level; a business-and-governance framing ("this control protects the revenue and trust the company depends on, and meets our regulatory duty") wins them. The whole modelling method — drivers, high-value assets, threat actors, multi-dimensional impact, a risk-based roadmap — exists to let a CISO speak the language of likelihood, severity, reputation, and financial impact. WHY it matters: security that cannot articulate business value gets underfunded, and underfunded security is the kind that fails.

From Quiz: ISM / Threat & Impact Modelling | Updated: Jun 23, 2026