The valuation of IT assets should be performed by:

Posted by: Pdfprep Category: CISM Tags: , ,

The valuation of IT assets should be performed by:
A . an IT security manager.
B . an independent security consultant.
C . the chief financial officer (CFO).
D . the information owner.

Answer: D

Explanation:

Information asset owners are in the best position to evaluate the value added by the IT asset under review within a business process, thanks to their deep knowledge of the business processes and of the functional IT requirements. An IT security manager is an expert of the IT risk assessment methodology and IT asset valuation mechanisms.

However, the manager could not have a deep understanding of all the business processes of the firm. An IT security subject matter expert will take part of the process to identify threats and vulnerabilities and will collaborate with the business information asset owner to define the risk profile of the asset. A chief financial officer (CFO) will have an overall costs picture but not detailed enough to evaluate the value of each IT asset.

Leave a Reply

Your email address will not be published.