
CAS-001 Question #336: Real Exam Question with Answer & Explanation

Correct answer: D (eGRC).

Question

An external auditor has found that IT security policies in the organization are not maintained and in some cases are nonexistent. As a result of the audit findings, the CISO has been tasked with the objective of establishing a mechanism to manage the lifecycle of IT security policies. Which of the following can be used to BEST achieve the CISO's objectives?

Options

  • A. CoBIT
  • B. UCF
  • C. ISO 27002
  • D. eGRC

Explanation

An eGRC (enterprise, sometimes expanded as electronic, Governance, Risk, and Compliance) platform is a software tool designed to manage the full lifecycle of IT security policies: creation, review, approval, distribution, exception handling, and retirement/versioning. The other options are reference material rather than a management mechanism: CoBIT is an IT governance framework that describes which processes and controls should exist, ISO 27002 is a code of practice that lists security controls and says that policies should be defined and reviewed, and the UCF (Unified Compliance Framework) is a harmonized mapping of controls across regulations and standards. None of them tracks whether a given policy exists, who owns it, or when it was last reviewed. An eGRC solution provides workflow automation and a centralized repository that enforces process around when policies are created, who approves them, how they are communicated, and when they expire or are reviewed, which is exactly the audit gap (unmaintained or nonexistent policies) the CISO was asked to close. The tool only works if policy owners and review cadences are actually assigned in it; the platform provides the mechanism, the CISO still has to staff it.
