Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISM All Questions

View all questions & answers for the CISM exam
Go to Exam

Exam CISM topic 1 question 119 discussion

Actual exam question from Isaca's CISM
Question #: 119
Topic #: 1
[All CISM Questions]

During a security assessment, an information security manager finds a number of security patches were not installed on a server hosting a critical business application. The application owner did not approve the patch installation to avoid interrupting the application. Which of the following should be the information security manager's FIRST course of action?

  • A. Report the risk to the information security steering committee.
  • B. Determine mitigation options with IT management.
  • C. Communicate the potential impact to the application owner.
  • D. Escalate the risk to senior management.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by richck102 at May 25, 2023, 6:30 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
justx
3 months, 1 week ago
Selected Answer: D
According to the question, the mitigation exists , (Patch)..But the application owner is aware and will not install .. Seem Escalation is the next logical step..
upvoted 1 times
...
oluchecpoint
9 months, 2 weeks ago
Selected Answer: C
C. Communicate the potential impact to the application owner. It's crucial to engage with the application owner and communicate the potential security risks and impact of not installing the necessary patches. This step allows for a collaborative discussion to find a solution that balances security and business continuity concerns. The application owner may not be fully aware of the security implications, so providing them with this information is essential. Depending on the outcome of this communication, further actions such as reporting to the information security steering committee, working with IT management on mitigation options, or escalating to senior management may be considered, but it's important to involve the relevant stakeholders first to reach a consensus and make an informed decision.
upvoted 1 times
...
oluchecpoint
1 year, 2 months ago
C. Communicate the potential impact to the application owner. It's crucial to engage with the application owner and communicate the potential security risks and impact of not installing the necessary patches. This step allows for a collaborative discussion to find a solution that balances security and business continuity concerns. The application owner may not be fully aware of the security implications, so providing them with this information is essential. Depending on the outcome of this communication, further actions such as reporting to the information security steering committee, working with IT management on mitigation options, or escalating to senior management may be considered, but it's important to involve the relevant stakeholders first to reach a consensus and make an informed decision.
upvoted 1 times
...
DavoA
1 year, 4 months ago
Selected Answer: C
You need to speak to the business owner but anyone else
upvoted 1 times
...
DASH_v
1 year, 5 months ago
Selected Answer: C
Simple, in a real world, you talk to your colleagus first before esclation. Unless, you don't care the relationship at all, how possible?
upvoted 3 times
[Removed]
1 year, 4 months ago
but the app owner knows the impact and still hasnt approved the patch
upvoted 3 times
...
...
richck102
1 year, 5 months ago
Selected Answer: B
B. Determine mitigation options with IT management.
upvoted 1 times
seric01
8 months, 2 weeks ago
Agree, app owner knows the impact and still hasnt approved the patch, now we must mitigate
upvoted 2 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel