Exam Tips (8/10)

Apply a managerial approach to the scenarios in the questions. The exam tests your skill from the perspective of being an information security manager and not someone who is involved in carrying out day-to-day technical/administrative activities. In other words, your job is to advise the business on how they can best manage security. Your job is not to do their job for them, such as changing the firewall settings or tuning the IDS.
Consider the following example:
What is the purpose of access controls?
Technical Perspective: To safeguard the network, assets, and so on
Managerial Perspective: To ensure the confidentiality of business data that is valuable to the organization
Most importantly, the safety of human life is the priority for the information security manager. So when responding to questions, remember that saving human lives takes precedence over any other options that may be given.