CISSP Practice Question: Cloud Cost Spike After Incident
- Luke Ahmed
- May 12
- 3 min read
Updated: May 15

A Note Before You Begin
Every time you sit with a question like this, you are not just preparing for an exam. You are training yourself to think like a security leader. This scenario reflects the real world, where cybersecurity decisions affect budgets, operations, and trust at the highest levels.
Thank you for choosing to study the CISSP and work toward becoming a security professional. The future of this field depends on people like you who are willing to think deeply, act responsibly, and lead with clarity.
Good luck out there.
Luke Ahmed
After a backend system failure at Rymar Tech, the company’s cloud infrastructure triggered automatic scaling to maintain service uptime. Redundant instances were launched, traffic was rerouted, and customer experience remained unaffected. But the next billing cycle showed a sharp increase in cloud service charges. Now the CFO is asking: “Why did we spend so much more this month?”
As the security manager, how should you respond to ensure alignment between incident handling and financial oversight?
A. Enforce manual approval from Finance before backup systems are allowed to activate
B. Deactivate overflow routing for all non-critical workloads to limit potential cost
C. Ensure all incident response actions are automatically linked to financial reporting tools
D. Send Finance a report only when incident costs exceed a defined limit
The best answer is C. This question is about bridging the gap between cybersecurity actions and business visibility. It is not about controlling cloud costs, redesigning infrastructure, or disabling availability protections. In the CISSP world, you are expected to think like a manager. That means seeing technical outcomes through a business lens.
In this case, the increased cost was a feature, not a failure. The cloud scaled up as designed to keep operations running. That is resilience in action. But if Finance was not aware this could happen or did not see the cause, that is not a security failure. It is a visibility failure.
Why the Other Choices Fall Short
A. Manual finance approval before backup activation
This is not a viable approach. Incidents do not wait for budget meetings. You cannot introduce delays into availability protections. Real-time elasticity must remain automated because business continuity depends on it.
B. Turning off overflow for non-critical services
Just because something is considered non-critical today does not mean it is safe to remove its protection. Disabling controls without a formal risk reassessment is a reactive decision and undermines the long-term security posture.
D. Notifying the CFO only after passing a cost threshold
This may sound practical, but it falls short strategically. It still relies on manual reporting and only triggers after the fact. What if a small cost carried major value? What if the CFO needs context, not just a number? This approach does not build process maturity. It creates blind spots.
CISSP Core Concept: Visibility and Communication
Every time cloud elasticity scales out, costs increase. That is how on-demand scalability works. But if that cost is tied to an incident response action, then it is not just a technical event. It is a business event. And business events require communication.
That is why the right answer connects technical response logs with financial reporting systems. This way, the CFO sees the line item and understands the reason behind it. That is how you create alignment between departments. And that is exactly what CISSP expects you to demonstrate.
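In practice, the linkage answer C describes can be as simple as joining the incident response action log to the cloud billing export, so every incident-driven line item arrives at Finance with the incident ID and the reason responders recorded. The Python below is an added example, not code from the original post. The action log, the billing rows and all of their field names are constructed for illustration and do not match any cloud provider's real export schema; it also shows the fallback a practitioner wants when automation launches a resource but forgets to apply the cost allocation tag.

```python
"""Attribute cloud billing line items to incident response actions.

Added example, not from the original post. Assumes two constructed inputs:
an incident response action log, where automation records every resource it
launched or rerouted under an incident ID, and a billing export where each
line item carries a resource ID and its cost allocation tags. Field names
are illustrative, not any provider's real schema.
"""
from collections import defaultdict

# Constructed incident response action log: what automation did, and why.
IR_ACTIONS = [
    {"time": "2024-05-03T02:14:00Z", "incident_id": "INC-0417",
     "action": "launch", "resource_id": "i-0a1", "reason": "backend failure, auto-scale"},
    {"time": "2024-05-03T02:14:05Z", "incident_id": "INC-0417",
     "action": "launch", "resource_id": "i-0a2", "reason": "backend failure, auto-scale"},
    {"time": "2024-05-03T02:15:00Z", "incident_id": "INC-0417",
     "action": "reroute", "resource_id": "lb-main", "reason": "traffic shifted to redundant pool"},
]

# Constructed billing export. i-0a2 was launched by automation but its cost
# allocation tag was never applied, so only the resource ID links it back.
BILLING = [
    {"resource_id": "i-0a1", "cost": 412.50, "tags": {"incident_id": "INC-0417"}},
    {"resource_id": "i-0a2", "cost": 398.10, "tags": {}},
    {"resource_id": "lb-main", "cost": 75.00, "tags": {"incident_id": "INC-0417"}},
    {"resource_id": "i-prod-web", "cost": 1200.00, "tags": {"env": "prod"}},
    {"resource_id": "i-unknown", "cost": 640.00, "tags": {}},
]


def attribute_costs(actions, billing):
    """Join billing line items to incidents.

    Returns (by_incident, unexplained): by_incident maps an incident ID to its
    total cost, the resources billed under it and the reasons responders
    recorded; unexplained lists untagged line items with no matching IR action.
    """
    resource_to_incident = {a["resource_id"]: a["incident_id"] for a in actions}
    actions_by_incident = defaultdict(list)
    for a in actions:
        actions_by_incident[a["incident_id"]].append(a)

    by_incident = {}
    unexplained = []
    for item in billing:
        # Prefer the cost allocation tag; fall back to the IR action log so a
        # missed tag does not hide incident spend from Finance.
        incident = item["tags"].get("incident_id") or resource_to_incident.get(item["resource_id"])
        if incident is None:
            if not item["tags"]:
                # Untagged and unexplained: neither normal workload nor incident.
                unexplained.append(item)
            continue
        entry = by_incident.setdefault(incident, {"cost": 0.0, "line_items": [], "reasons": set()})
        entry["cost"] = round(entry["cost"] + item["cost"], 2)
        entry["line_items"].append(item["resource_id"])
        entry["reasons"].update(a["reason"] for a in actions_by_incident[incident])
    return by_incident, unexplained


def finance_report(actions, billing):
    """One line per incident that Finance can read next to the invoice."""
    by_incident, unexplained = attribute_costs(actions, billing)
    lines = []
    for incident, entry in sorted(by_incident.items()):
        first = min(a["time"] for a in actions if a["incident_id"] == incident)
        lines.append(f"{incident} ({first}): ${entry['cost']:.2f} across "
                     f"{len(entry['line_items'])} resources; "
                     f"cause: {'; '.join(sorted(entry['reasons']))}")
    for item in unexplained:
        lines.append(f"UNEXPLAINED: {item['resource_id']} ${item['cost']:.2f} "
                     f"has no tag and no incident response action")
    return lines


if __name__ == "__main__":
    print("\n".join(finance_report(IR_ACTIONS, BILLING)))
```

Run against the constructed data, the report attributes $885.60 to INC-0417 with the cause responders logged, leaves the tagged production workload alone, and flags the one untagged line item nobody can explain. That last line is the useful part for a CFO conversation: spend that is neither business-as-usual nor tied to a known incident is the spend that deserves a question.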
Security worked. Now show them why it was worth it!