
Exam 712-50 topic 1 question 333 discussion

Actual exam question from ECCouncil's 712-50
Question #: 333
Topic #: 1

Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security-centric agenda. The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization.
From an organizational perspective, which of the following is the LIKELY reason for this?

  • A. The CISO reports to the IT organization
  • B. The CISO has not implemented a policy management framework
  • C. The CISO does not report directly to the CEO of the organization
  • D. The CISO has not implemented a security awareness program
Suggested Answer: A

Comments

johndoe69
4 months, 1 week ago
Selected Answer: A
CISO Reporting Structure: When the CISO reports to the IT organization, their influence might be limited to the IT domain, making it challenging to implement and enforce security measures across other business units. This reporting structure can lead to a perception that security is just an IT issue rather than a critical enterprise-wide concern. To be effective, the CISO should ideally have a broader mandate and visibility across the organization, which is often achieved by reporting directly to the CEO or another high-level executive such as the COO.
upvoted 1 times
Boats
1 year, 6 months ago
If A is true, then C would be true as well. It is basically the same answer to the question. If the question was turned around to how to remediate the issue then the CISO should report directly to the CEO. So the direct answer is that the CISO is reporting to IT when he should be reporting to the CEO.
upvoted 1 times
Boats
1 year, 6 months ago
I select A.
upvoted 1 times
Otto_Aulicino
2 years, 11 months ago
It is "A" based on how the question is written: "...CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization..." The answer could be "not reporting to the CEO" too, but the fact that the CISO is able to influence the IT departments and not others makes "A" a better answer.
upvoted 2 times
Rufus1
3 years, 1 month ago
"A" means that the CISO is in a non-executive role. There, his transversal influence across the organization is limited. My opinion is that "A" is the most objective choice.
upvoted 2 times
ahmad_Hammad
3 years, 7 months ago
I think it's C, not A.
upvoted 1 times
e_karma
3 years, 9 months ago
How can this be "A", since nowhere in the question does it say the CISO reports to the IT department, only that IT likes him? Most probably the answer should be C.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other