WGU C727 - Cybersecurity Management I – Strategic EXAM ELABORATIONS QUESTIONS AND VERIFIED ANSWERS 2026 UPDATE 100% SOLVED

Exam (elaborations), 25 pages. Uploaded on 16-01-2026. Written in 2025/2026.

Content preview

Institution: Western Governors University (WGU)
Course: C727 Cybersecurity Management I – Strategic
Document Type: Strategic Assessment & Comprehensive Study Guide
Version: 2026 Academic Update
Word Count: Approx. 15,000 Words

Table of Contents
1. Executive Overview: The Strategic CISO Perspective
2. Domain I: Information Security Governance (Questions 1–10)
   ○ Topics: Strategic Alignment, Steering Committees, CISO Roles, ISO 27001 Leadership, Governance Frameworks.
3. Domain II: Risk Management Strategy (Questions 11–20)
   ○ Topics: NIST RMF, Quantitative vs. Qualitative Analysis, Risk Appetite, Risk Treatment Strategies.
4. Domain III: Legal, Regulatory, and Compliance Landscapes (Questions 21–30)
   ○ Topics: GDPR vs. US CLOUD Act, Due Diligence vs. Due Care, Intellectual Property, Ethics.
5. Domain IV: Enterprise Security Architecture (Questions 31–40)
   ○ Topics: SABSA vs. TOGAF, Zero Trust Implementation, Cloud Shared Responsibility Models.
6. Domain V: Incident Management & Business Continuity (Questions 41–50)
   ○ Topics: BIA, RTO/RPO Optimization, Ransomware Decision Matrices, Tabletop Exercises.
7. Domain VI: Supply Chain Risk & Emerging Trends (Questions 51–55)
   ○ Topics: Vendor Risk Lifecycle, NIST CSF 2.0 Supply Chain Governance, CMMI Maturity Models.


Executive Overview: The Strategic CISO Perspective

The transition from tactical cybersecurity operations to strategic management requires a fundamental shift in perspective. Where a security analyst focuses on the configuration of a firewall or the remediation of a specific vulnerability, the strategic manager—and ultimately the Chief Information Security Officer (CISO)—must focus on the alignment of these technical activities with the broader goals of the enterprise. The WGU C727 curriculum emphasizes this "Tone at the Top," integrating frameworks like NIST, ISO, and COBIT to create a governance structure that not only protects value but enables business innovation. This document provides an exhaustive elaboration of 55 critical exam questions, designed not merely to test knowledge but to deepen the candidate's understanding of strategic nuance, risk economics, and executive communication.


Domain I: Information Security Governance

Question 1
Scenario: A newly hired CISO discovers that the organization’s current security projects are disconnected from the business’s long-term goals. The CISO intends to establish a governance body to rectify this alignment issue.
Question: Which of the following governance bodies is most appropriate for ensuring that information security strategies align with business objectives and for prioritizing security investments based on enterprise risk?
A) The Change Advisory Board (CAB)
B) The Information Security Steering Committee
C) The Security Operations Center (SOC) Management Team
D) The Audit and Compliance Committee
Correct Answer: B) The Information Security Steering Committee
Strategic Analysis & Elaboration: The establishment of an Information Security Steering Committee is the preeminent mechanism for achieving strategic alignment between IT security and the business. This committee typically comprises senior executives from various functional areas—such as Legal, Human Resources, Finance, and Operations—alongside the CISO and CIO. Its primary mandate is to review risk profiles, approve major security policies, and prioritize initiatives to ensure they support the organization's mission.
From a strategic vantage point, the Steering Committee serves as a translation layer. It converts the technical necessities articulated by the CISO into business imperatives understood by the Board. Without this body, security decisions are often made in a vacuum, leading to "misalignment"—a state where security either stifles business agility through excessive controls or leaves the business exposed through negligence. The Steering Committee ensures that security is viewed not as a technical hurdle but as a business enabler.
● Why Option A is incorrect: The Change Advisory Board (CAB) is a tactical body focused on IT Service Management (ITSM). Its role is to assess the risk of specific changes to the IT environment (e.g., patching a server, updating a firewall rule) to prevent outages. It does not set long-term strategy or align security with corporate goals.
● Why Option C is incorrect: The SOC Management Team is purely operational, focused on the daily detection and containment of threats.
● Why Option D is incorrect: While the Audit Committee (a subset of the Board) provides oversight, it does not manage the active prioritization or strategic direction of security projects; it simply verifies that risks are being managed.

Question 2
Scenario: The Board of Directors has tasked the CISO with developing metrics to demonstrate the value of the information security program. The Board is uninterested in technical data.
Question: Which type of metric is most effective for communicating the strategic state of security to the Board of Directors?
A) Key Performance Indicators (KPIs) focused on operational uptime.
B) Key Risk Indicators (KRIs) mapped to the organization's Risk Appetite.
C) Raw counts of vulnerabilities patched per month.
D) The number of phishing emails blocked by the email gateway.
Correct Answer: B) Key Risk Indicators (KRIs) mapped to the organization's Risk Appetite.
Strategic Analysis & Elaboration: Executive communication requires mapping security outcomes to business survivability and profitability. Key Risk Indicators (KRIs) are metrics used to provide an early warning of increasing risk exposures in key areas. When a CISO presents to the Board, the dialogue must center on whether the organization is operating within its defined "Risk Appetite"—the amount of risk the organization is willing to accept in pursuit of value.
For example, a KRI might track "Percentage of Critical Business Processes without Disaster Recovery Testing in the last 12 months." If this number rises, it directly indicates a threat to business continuity, a concept board members instinctively understand. In contrast, operational metrics fail to answer the "So What?" question. A metric showing "1 million blocked firewall packets" is meaningless to a board member; it does not indicate whether the company is safer or if a breach is imminent. It is merely a "vanity metric" that proves the security tools are turned on, but not that the strategy is working.
● Strategic Nuance: The NIST CSF 2.0 explicitly adds the "Govern" function to emphasize this type of communication. The CISO must contextualize data: "We blocked 10,000 attacks" becomes "Our defense-in-depth strategy prevented $2M in potential downtime loss, keeping us within our operational risk appetite."

Question 3
Scenario: An organization is adopting the ISO/IEC 27001 standard for its Information Security Management System (ISMS).
Question: According to ISO 27001 Clause 5, what is the specific responsibility of Top Management regarding the ISMS?
A) To personally configure the root access controls for critical servers.
B) To demonstrate leadership and commitment by ensuring the information security policy and objectives are established and compatible with the strategic direction.
C) To outsource all liability for data breaches to a third-party insurance provider.
D) To conduct the daily log reviews for the SIEM platform.
Correct Answer: B) To demonstrate leadership and commitment by ensuring the information security policy and objectives are established and compatible with the strategic direction.
Strategic Analysis & Elaboration: Clause 5 of ISO 27001 ("Leadership") acts as the foundation for the entire standard. It mandates that information security is not an IT back-office function but a top-down organizational imperative. The standard explicitly states that Top Management (the C-Suite) must provide the resources (budget, personnel) and the authority required for the ISMS to function.
This requirement combats the common strategic failure where executives "support" security in speech but deny it in budget. By requiring alignment with "strategic direction," ISO 27001
