What does it mean to think from a "management perspective"?

flippedman, Member, Posts: 15
One common theme that is repeated through my review of the various posts is that people emphasize viewing the CISSP exam through the lens of management.

I somewhat understand what this means, but being a technical guy myself and not management, what exactly DOES it mean?

For example, I could tell you about the different modes of DES from a technical POV; from a management point of view, how would I approach it?


  • JDMurray (MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+; Surf City, USA), Admin, Posts: 12,718
    Management thinks about the need to implement a control (risk management), the cost to implement a control (both immediate costs and long-term for maintenance in terms of TCO), the manpower and paperwork needed to maintain the control, and what the possible benefits to revenue there might be (ROI, if any).

    These are all excellent things for technical people to consider, too, when dealing with cost-conscious management people.
  • rwmidl (CISSP, CISM, MCSE, MCSA, MCPxAlot; Worldwide Availability), Member, Posts: 807
    The way I would tend to think of it (at least how I applied it in my CISSP prep) was to think of things "in the big picture". Take something like an IDS: from a technical perspective, a technical person would know what an IDS is/does, and might be very familiar with a certain product/vendor (what they make, features, configuration of, etc.). From a management perspective, you'd know what an IDS is/does, but also what the TCO is, what is needed to implement it, what the benefits as well as the negatives are, and whether there will/could be any downstream impacts (it may not work with certain technologies already in your infrastructure, for example).
    CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS
  • MadTheory, Registered Users, Posts: 4
    From a technical perspective, you tend to want to fix or solve the problem yourself even if you are not the expert. From a management perspective, you find the specialist or professional to make sure it’s done right. To use the example from the book I studied from, CISSP Study Guide by Eric Conrad, when designing a fire suppression system, bring in the fire marshal or hire a company that specializes in it.
  • famosbrown, Member, Posts: 637
    The above replies are pretty good. When I was studying, taking practice exams, and the actual exam, I had to remind myself about the "management perspective" concept. Many times, you will want to answer/analyze some from a purely technical viewpoint. This is okay, but the final decision should be the best for the business.

    Levels of security (physical, logical, etc.) will differ for a financial institution compared to a small convenience store. Both may have an infinite amount of money for security. Technically, let's get the best money can buy and figure out the rest later. As a "manager", what really makes sense to implement based on established business and security requirements?

    So many examples, but I think you will be okay just remembering to ask yourself what makes sense from a business/managerial standpoint. Don't get caught in the "my manager would" debacle because some are just plain "out of touch" :D.

    When doing my practice exams, I got some questions wrong because I looked at things strictly technically. After reading the right answer and why it was right, I saw that I rushed to the most technical answer without actually considering the requirements being presented to me in the question. It's actually the same in the real world too... need some business-savvy folk in IT to keep things "realistic".
    B.S.B.A. (Management Information Systems)
    M.B.A. (Technology Management)