
CISSP Question #1026: Real Exam Question with Answer & Explanation


Submitted by suresh_in · Mar 5, 2026 · Domain: Security and Risk Management

Question

Which of the following is MOST important to follow when developing information security controls for an organization?

Options

  • A. Exercise due diligence with regard to all risk management information to tailor appropriate
  • B. Perform a risk assessment and choose a standard that addresses existing gaps.
  • C. Use industry standard best practices for security controls in the organization.
  • D. Review all local and international standards and choose the most stringent based on location.

Explanation

The correct answer is A. Exercising due diligence with regard to all risk management information to tailor appropriate controls is the most important thing to follow when developing information security controls for an organization.

Information security controls are the policies, procedures, techniques, or mechanisms implemented to protect an organization's information and systems from threats, risks, or vulnerabilities, and to ensure the confidentiality, integrity, and availability of that information and those systems. Risk management is the process of identifying, analyzing, evaluating, and treating the risks that may affect the organization's information and systems, and of monitoring and reviewing both the risks and the risk treatment measures.

Exercising due diligence with regard to all risk management information means that the organization performs a thorough and careful investigation and analysis of the risks and of the risk management information, such as risk sources, causes, impacts, likelihood, levels, and mitigation strategies, and that it uses the best available evidence, methods, and practices to support its risk management decisions and actions. Tailoring appropriate controls on that basis means designing and implementing information security controls that are suitable, effective, and efficient for the organization's specific risks and risk management objectives, while avoiding both over-protecting and under-protecting the information and systems.

Following this approach helps ensure that the information security controls are aligned with the organization's risk appetite, tolerance, and profile, and that they reduce the risks to an acceptable level. The other options each rely on an external starting point (a chosen standard, industry best practices, or the most stringent applicable standard) rather than on the organization's own risk management information, so they are less important than tailoring controls through due diligence.

Topics

  • Information security controls
  • Due diligence
  • Risk management
  • Industry standards
