CompTIA CAS-002 · Question #213

CAS-002 Question #213: Real Exam Question with Answer & Explanation

The correct answer is D: eGRC.

Question

An external auditor has found that IT security policies in the organization are not maintained and in some cases are nonexistent. As a result of the audit findings, the CISO has been tasked with the objective of establishing a mechanism to manage the lifecycle of IT security policies. Which of the following can be used to BEST achieve the CISO's objectives?

Options

  • A. CoBIT
  • B. UCF
  • C. ISO 27002
  • D. eGRC

Explanation

An eGRC (electronic Governance, Risk, and Compliance) platform is purpose-built to manage the full lifecycle of IT security policies: creation, review cycles, approval workflows, versioning, distribution, attestation tracking, and retirement. This directly satisfies the CISO's objective of establishing a manageable, automated mechanism for policy governance. CoBIT (A) is an IT governance framework of principles and practices, not a lifecycle management tool. UCF (B) (Unified Compliance Framework) is a compliance mapping database that maps controls across frameworks, not a policy management system. ISO 27002 (C) is a reference standard providing security control guidance, not a tool for managing policy lifecycles. The key distinction is that eGRC is an operational tool, while the others are frameworks or standards.
