CSL CSL Security Budgeting & Program Management

Question 1

Which method is most effective for justifying cybersecurity budget increases to a CFO or board?

Accepted Answer

Quantifying risk in financial terms using frameworks like FAIR

Answer

The FAIR (Factor Analysis of Information Risk) framework translates cyber risks into quantified financial loss exposure, which directly supports financial decision-making.

Question 2

A CISO is building the annual security budget. Which category typically represents the largest portion of a mature security program's budget?

Accepted Answer

Technology and tooling

Answer

Technology and tooling (SIEM, EDR, IAM, firewalls, etc.) typically constitute the largest proportion of enterprise cybersecurity budgets.

Question 3

What is a key benefit of using a security maturity model when presenting the security program to the board?

Accepted Answer

It provides a structured roadmap showing current state, target state, and progress

Answer

Maturity models like CMMI or NIST CSF tiers give boards a clear, structured picture of where the security program stands and what investment is needed to advance.

Question 4

Which approach best helps a CISO prioritize security investments when budget is constrained?

Accepted Answer

Align spending to the highest-probability, highest-impact risks identified in the risk register

Answer

Risk-based prioritization ensures that limited budget is concentrated on the threats most likely to materially harm the organization.

Question 5

What does a cybersecurity program charter formally establish?

Accepted Answer

The authority, scope, objectives, and governance structure of the security program

Answer

A program charter grants formal authority to the security program, defines its scope, and establishes governance mechanisms — essential for enterprise-wide security enforcement.

(CSL) Cybersecurity Leadership Certification Practice Test

(CSL) Cybersecurity Leadership Certification Practice Test

CSL CSL Security Budgeting & Program Management