
CISSP Question #1301: Real Exam Question with Answer & Explanation

The correct answer is A: Define a strategy based on risk tolerance that maintains clear visibility into assets, awareness of vulnerabilities, up-to-date threat information, and mission/business impacts.

Submitted by kwame.gh · Mar 5, 2026 · Security and Risk Management

Question

Information Security Continuous Monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. Which of the following is the FIRST step in developing an ISCM strategy and implementing an ISCM program?

Options

  • A. Define a strategy based on risk tolerance that maintains clear visibility into assets, awareness of vulnerabilities, up-to-date threat information, and mission/business impacts
  • B. Conduct a vulnerability assessment to discover current threats against the environment and
  • C. Respond to findings with technical management, and operational mitigating activities or
  • D. Analyze the data collected and report findings, determining the appropriate response. It may be

Explanation

The first step in developing an Information Security Continuous Monitoring (ISCM) strategy and implementing an ISCM program is to define a strategy based on risk tolerance that maintains clear visibility into assets, awareness of vulnerabilities, up-to-date threat information, and mission/business impacts. An ISCM strategy is a document that outlines the goals, objectives, scope, and approach of the ISCM program, the program that collects, analyzes, and reports data on the performance and security of the organization's information systems and networks. The strategy should be aligned with the organization's risk tolerance, which is the level of risk the organization is willing to accept or mitigate. It should maintain clear visibility into the assets, the resources that support the organization's mission and business processes, such as hardware, software, data, or personnel. It should maintain awareness of vulnerabilities, the weaknesses or flaws that threats can exploit, together with up-to-date threat information, the data or intelligence that indicates the sources, methods, and intentions of adversaries. It should also consider mission/business impacts, the consequences of security events or incidents on the organization's operations, objectives, or reputation. The other steps in developing an ISCM strategy and implementing an ISCM program are conducting a vulnerability assessment, analyzing the data collected and reporting findings, and responding to findings with appropriate actions; each of these depends on the strategy already being defined, so none of them is the first step.

Topics

#ISCM · #continuous monitoring · #risk management strategy · #security program
