CISSP · Question #651
Which of the following factors is a PRIMARY reason to drive changes in an Information Security Continuous Monitoring (ISCM) strategy?
The correct answer is B. Changes to core missions or business processes. An Information Security Continuous Monitoring (ISCM) strategy is designed to provide ongoing surveillance of an organization's information security posture, ensuring that any potential risks or vulnerabilities are promptly identified and mitigated. The primary reason for changing
Question
Options
- ATesting and Evaluation (TE) personnel changes
- BChanges to core missions or business processes
- CIncreased Cross-Site Request Forgery (CSRF) attacks
- DChanges in Service Organization Control (SOC) 2 reporting requirements
How the community answered
(57 responses)- A14% (8)
- B49% (28)
- C7% (4)
- D30% (17)
Explanation
An Information Security Continuous Monitoring (ISCM) strategy is designed to provide ongoing surveillance of an organization's information security posture, ensuring that any potential risks or vulnerabilities are promptly identified and mitigated. The primary reason for changing or updating an ISCM strategy is when there are changes to core missions or business processes. Here's Changes to core missions or business processes often require adjustments in the risk landscape of an organization. When there are shifts in business priorities, objectives, or the nature of services and products offered, new risks may emerge that need to be addressed through updated monitoring strategies. For example, if an organization shifts to cloud-based operations or adopts new business models, the monitoring focus might need to change to cover new vulnerabilities or compliance requirements. Adapting to business changes ensures that the ISCM strategy remains aligned with organizational goals and risk management needs.
Topics
Community Discussion
No community discussion yet for this question.