
Exam CISM topic 1 question 821 discussion

Actual exam question from Isaca's CISM
Question #: 821
Topic #: 1

An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?

  • A. Document risk acceptances.
  • B. Conduct an information security audit.
  • C. Assess the consequences of noncompliance.
  • D. Revise the organization's security policy.
Suggested Answer: C

Comments

Booict
3 months, 3 weeks ago
Selected Answer: C
Not option D: it is important, but it is not the immediate next step in this scenario. Revising the policy would be a longer-term action to ensure future compliance and alignment with industry standards.
upvoted 1 times
oluchecpoint
1 year, 2 months ago
Selected Answer: C
C. Assess the consequences of noncompliance. Assessing the consequences of noncompliance is a critical step to understand the potential risks and impact associated with the exceptions. This assessment can help the organization make informed decisions about whether to accept the risk (document risk acceptances) or take corrective actions (such as revising the organization's security policy or conducting an information security audit) to bring the organization into compliance with the industry-required standard.
upvoted 1 times
sundersam23
1 year, 4 months ago
Selected Answer: C
The next step that should be taken by the information security manager is C. Assess the consequences of noncompliance. When there are a significant number of exceptions to a newly released industry-required security standard, it is important to understand the potential consequences of noncompliance. By assessing the consequences, the information security manager can determine the level of risk associated with the exceptions and evaluate the potential impact on the organization's security posture.
upvoted 1 times
richck102
1 year, 4 months ago
C. Assess the consequences of noncompliance.
upvoted 1 times
Jae_kes
1 year, 5 months ago
Selected Answer: C
C. Assess the consequences of noncompliance.
upvoted 2 times
wello
1 year, 5 months ago
Selected Answer: C
By conducting a thorough assessment of the consequences, the information security manager can gain insights into the potential risks and their potential impacts on the organization's overall security and compliance posture. This assessment provides valuable information for decision-making, prioritizing remediation efforts, and determining the appropriate course of action to address the exceptions to the security standard. Once the consequences of noncompliance have been assessed, the information security manager can then proceed with appropriate actions, such as implementing additional controls, mitigating identified risks, revising security policies or procedures, or seeking further guidance from relevant stakeholders.
upvoted 4 times
Community vote distribution:
  • A (35%)
  • C (25%)
  • B (20%)
  • Other