CISSP · Question #5
A continuous information security-monitoring program can BEST reduce risk through which of the following?
The correct answer is C. Encompassing people, process, and technology. A continuous information security-monitoring program is most effective at reducing risk when it holistically encompasses people, process, and technology rather than focusing on a single technical capability.
Question
Options
- ACollecting security events and correlating them to identify anomalies
- BFacilitating system-wide visibility into the activities of critical user accounts
- CEncompassing people, process, and technology
- DLogging both scheduled and unscheduled system changes
How the community answered
(21 responses)- A14% (3)
- B5% (1)
- C76% (16)
- D5% (1)
Why each option
A continuous information security-monitoring program is most effective at reducing risk when it holistically encompasses people, process, and technology rather than focusing on a single technical capability.
Collecting and correlating security events to identify anomalies is a valuable technical capability (e.g., SIEM functionality), but it represents only the technology component of a monitoring program and does not address people or process gaps that also contribute to risk.
Providing visibility into critical user account activities addresses insider threat and privileged access monitoring, but this is a narrow, targeted use case rather than a program-wide risk reduction strategy.
A comprehensive continuous monitoring program reduces risk most broadly by integrating all three pillars: people (trained analysts and stakeholders), process (defined workflows, policies, and response procedures), and technology (tools and automation). Addressing only one dimension leaves gaps; for example, having great tools but poor processes or untrained staff still results in unmitigated risk. This holistic approach aligns with frameworks such as NIST SP 800-137, which defines continuous monitoring as encompassing organizational strategy, processes, and technical controls together.
Logging scheduled and unscheduled system changes supports change management and audit trails, but it is a single detective control and does not encompass the full scope of risk reduction that a comprehensive monitoring program provides.
Concept tested: Continuous security monitoring program holistic risk reduction
Source: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-137.pdf
Topics
Community Discussion
No community discussion yet for this question.