
CGEIT Question #492: Real Exam Question with Answer & Explanation

The correct answer is D: Assess the risk associated with the device.

Submitted by paula_co · Apr 18, 2026 · Risk Optimization

Question

A CIO was notified that a new employee was observed wearing a headset with an optical lens at the organization's data center. The individual was entering voice commands into the device. When approached, the employee explained that the device is a new personal technology serving as a hands-free version of a smartphone. The CIO is concerned about the potential security vulnerabilities of allowing such devices, and whether they should be banned from the facility. What should be the NEXT course of action in response to the CIO's concern?

Options

  • A. Define a risk mitigation strategy.
  • B. Update the acceptable use policy.
  • C. Research competitor usage of similar devices.
  • D. Assess the risk associated with the device.

Explanation

The CIO's next course of action should be to assess the risk associated with the unknown device to understand its potential security implications before making policy or mitigation decisions.

Common mistakes.

  • A. Defining a risk mitigation strategy is premature without first assessing and understanding the specific risks that the device introduces.
  • B. Updating the acceptable use policy is a policy response that should follow a thorough risk assessment to ensure the policy effectively addresses the identified risks.
  • C. Researching competitor usage is a strategic benchmarking activity that provides context but does not address the immediate, specific security concerns or the inherent risks of the device within this organization's data center.

Concept tested. Emerging technology risk management

Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/risk-management

Topics

#Risk Assessment #Wearable Technology #Data Center Security #Information Security Risk
