nerdexam
(ISC)2

CISSP · Question #651

Which of the following factors is a PRIMARY reason to drive changes in an Information Security Continuous Monitoring (ISCM) strategy?

The correct answer is B. Changes to core missions or business processes. An Information Security Continuous Monitoring (ISCM) strategy is designed to provide ongoing surveillance of an organization's information security posture, ensuring that any potential risks or vulnerabilities are promptly identified and mitigated. The primary reason for changing

Submitted by viktor_hu· Mar 5, 2026Security and Risk Management

Question

Which of the following factors is a PRIMARY reason to drive changes in an Information Security Continuous Monitoring (ISCM) strategy?

Options

  • ATesting and Evaluation (TE) personnel changes
  • BChanges to core missions or business processes
  • CIncreased Cross-Site Request Forgery (CSRF) attacks
  • DChanges in Service Organization Control (SOC) 2 reporting requirements

How the community answered

(57 responses)
  • A
    14% (8)
  • B
    49% (28)
  • C
    7% (4)
  • D
    30% (17)

Explanation

An Information Security Continuous Monitoring (ISCM) strategy is designed to provide ongoing surveillance of an organization's information security posture, ensuring that any potential risks or vulnerabilities are promptly identified and mitigated. The primary reason for changing or updating an ISCM strategy is when there are changes to core missions or business processes. Here's Changes to core missions or business processes often require adjustments in the risk landscape of an organization. When there are shifts in business priorities, objectives, or the nature of services and products offered, new risks may emerge that need to be addressed through updated monitoring strategies. For example, if an organization shifts to cloud-based operations or adopts new business models, the monitoring focus might need to change to cover new vulnerabilities or compliance requirements. Adapting to business changes ensures that the ISCM strategy remains aligned with organizational goals and risk management needs.

Topics

#continuous monitoring#ISCM#business process changes#security strategy

Community Discussion

No community discussion yet for this question.

Full CISSP Practice