ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISM All Questions

View all questions & answers for the CISM exam
Go to Exam

Exam CISM topic 1 question 119 discussion

Actual exam question from Isaca's CISM
Question #: 119
Topic #: 1
[All CISM Questions]

During a security assessment, an information security manager finds a number of security patches were not installed on a server hosting a critical business application. The application owner did not approve the patch installation to avoid interrupting the application. Which of the following should be the information security manager's FIRST course of action?

  • A. Report the risk to the information security steering committee.
  • B. Determine mitigation options with IT management.
  • C. Communicate the potential impact to the application owner.
  • D. Escalate the risk to senior management.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by richck102 at May 25, 2023, 6:30 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mih
1 month ago
Selected Answer: B
THE APPLICATION OWNER IS AT THE POSITION TO UNDERSTAND THE IMPACT, SO NOW RISK MITIGATION IS THE ONLY OPTION
upvoted 1 times
...
sbear123
7 months ago
Selected Answer: D
If app owner is saying no, option C does not work. Senior management needs to make a decision.
upvoted 1 times
...
justx
11 months, 1 week ago
Selected Answer: D
According to the question, the mitigation exists , (Patch)..But the application owner is aware and will not install .. Seem Escalation is the next logical step..
upvoted 1 times
...
oluchecpoint
1 year, 5 months ago
Selected Answer: C
C. Communicate the potential impact to the application owner. It's crucial to engage with the application owner and communicate the potential security risks and impact of not installing the necessary patches. This step allows for a collaborative discussion to find a solution that balances security and business continuity concerns. The application owner may not be fully aware of the security implications, so providing them with this information is essential. Depending on the outcome of this communication, further actions such as reporting to the information security steering committee, working with IT management on mitigation options, or escalating to senior management may be considered, but it's important to involve the relevant stakeholders first to reach a consensus and make an informed decision.
upvoted 1 times
...
oluchecpoint
1 year, 10 months ago
C. Communicate the potential impact to the application owner. It's crucial to engage with the application owner and communicate the potential security risks and impact of not installing the necessary patches. This step allows for a collaborative discussion to find a solution that balances security and business continuity concerns. The application owner may not be fully aware of the security implications, so providing them with this information is essential. Depending on the outcome of this communication, further actions such as reporting to the information security steering committee, working with IT management on mitigation options, or escalating to senior management may be considered, but it's important to involve the relevant stakeholders first to reach a consensus and make an informed decision.
upvoted 1 times
...
DavoA
1 year, 12 months ago
Selected Answer: C
You need to speak to the business owner but anyone else
upvoted 1 times
...
DASH_v
2 years, 1 month ago
Selected Answer: C
Simple, in a real world, you talk to your colleagus first before esclation. Unless, you don't care the relationship at all, how possible?
upvoted 3 times
[Removed]
2 years ago
but the app owner knows the impact and still hasnt approved the patch
upvoted 3 times
...
...
richck102
2 years, 1 month ago
Selected Answer: B
B. Determine mitigation options with IT management.
upvoted 1 times
seric01
1 year, 4 months ago
Agree, app owner knows the impact and still hasnt approved the patch, now we must mitigate
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel