CISM Question #5: Real Exam Question with Answer & Explanation
The correct answer is D: Create an information security steering committee. To reverse a bottom-up security approach and address systemic issues such as short-term solutions and poor tracking, the information security manager should first establish an information security steering committee.
Question
A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked, and there is no assurance that compliance requirements are being met. What should be done FIRST to reverse this bottom-up approach to security?
Options
- A. Implement an information security awareness training program.
- B. Conduct a threat analysis.
- C. Establish an audit committee.
- D. Create an information security steering committee.
Explanation
To reverse a bottom-up security approach and address systemic issues such as short-term solutions and poor tracking, the information security manager should first establish an information security steering committee. A steering committee provides the top-down governance structure that sets strategic direction, allocates and tracks resources, and gives assurance that compliance requirements are being met.
Common mistakes
- A. Implementing awareness training is important but addresses user behavior rather than the systemic lack of strategic oversight and resource allocation.
- B. Conducting a threat analysis is an operational task that provides input for risk management but does not establish the necessary top-down governance structure.
- C. Establishing an audit committee primarily focuses on oversight of financial reporting and internal controls, not directly on the strategic direction and resource allocation of information security.
Concept tested: Information security governance establishment
Reference: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf