Exam CISM topic 1 question 58 discussion

Actual exam question from Isaca's CISM
Question #: 58
Topic #: 1

Which of the following should be done FIRST when selecting performance metrics to report on the vendor risk management process?

  • A. Select the data source.
  • B. Review the confidentiality requirements.
  • C. Identify the intended audience.
  • D. Identify the data owner.
Suggested Answer: C

Comments

Viperhunter
3 months, 3 weeks ago
Selected Answer: C
Identifying the intended audience is crucial because different stakeholders may have different interests and priorities when it comes to vendor risk management. Understanding who will receive the metrics helps in tailoring the metrics to meet the specific needs and expectations of the audience. This ensures that the reported metrics are relevant, meaningful, and useful for the intended recipients. While other factors, such as selecting the data source (option A), reviewing confidentiality requirements (option B), and identifying the data owner (option D), are important considerations, determining the intended audience should be the initial step to guide the selection of appropriate performance metrics.
upvoted 2 times
...
oluchecpoint
6 months, 2 weeks ago
C. Identify the intended audience. Before diving into the specifics of data sources (A), confidentiality requirements (B), or data owners (D), it's crucial to determine who will be receiving and using the performance metrics. Different audiences may have varying needs and priorities when it comes to vendor risk management metrics. Identifying the intended audience will help tailor the selection of metrics to meet their specific requirements and ensure that the metrics are relevant and meaningful to the stakeholders involved. Once the intended audience is clear, you can then proceed to consider factors such as data sources, confidentiality requirements, and data ownership to ensure that the selected metrics are both accurate and compliant with organizational policies and regulations.
upvoted 1 times
...
richck102
10 months ago
C. Identify the intended audience.
upvoted 1 times
...
mad68
10 months, 1 week ago
Selected Answer: C
Acquiring a new company can introduce significant security risks for an organization, particularly if the acquired company has different security policies, procedures, and standards than the acquiring organization. Therefore, it is essential for the information security manager of Company A to thoroughly assess and evaluate the security posture of Company B before the acquisition is completed.
upvoted 1 times