nerdexam

CISM Question #115: Real Exam Question with Answer & Explanation

The correct answer is C: Selecting testing methods that match the purpose of the testing. To effectively evaluate security controls, the testing methods chosen must directly align with the specific goals and objectives of the evaluation.

Submitted by packet_pusher · Apr 18, 2026 · Information Security Program Development and Management

Question

Which of the following is the MOST important consideration when evaluating the performance of existing security controls?

Options

  • A. Interviewing control owners to accurately collect metrics data
  • B. Establishing testing scenarios based on international standards
  • C. Selecting testing methods that match the purpose of the testing
  • D. Obtaining senior management support to facilitate testing

Explanation

To effectively evaluate security controls, the testing methods chosen must directly align with the specific goals and objectives of the evaluation.

Common mistakes

  • A. While collecting metrics is important, selecting the right testing method precedes and dictates what metrics can be accurately collected and from whom.
  • B. International standards can provide guidance, but blindly following them without considering the specific purpose of the testing might not yield the most relevant results for the organization.
  • D. Senior management support is beneficial for resource allocation and cooperation, but it does not directly influence the technical appropriateness of the testing methodology itself.

Concept tested: Security control evaluation methodology

Topics

  • #Security control testing
  • #Control performance evaluation
  • #Testing methodology
  • #Program management
