"new security issues associated with IT systems"
If it said "security issues with new systems" I'd understand why it's D. But in this case we aren't really talking about making changes to a system, rather keeping an eye out for emerging threats to existing systems. This looks more like A to me...
Anyone else have any thoughts?
D for me. Any potential security issues are identified and addressed as part of the routine process of making changes to IT systems and applications. Option A is important too, but may not be as timely since audits are typically conducted at set intervals and may miss issues that arise between audits.
Best approach to identify "NEW security issues"
For example,
CVE xxx regarding OS xxx ---> ISM learns new patches needed ---> Assessment --> then D.
If A.
periodic sec audits --> quarterly, semi annually, or yearly --> not a timely manner
A. Requiring periodic security audits of IT systems and applications
I agree with AaronS1990. If this is happening periodically then it would have a better chance of identifying a security issue in a "timely manner".
D. Integrating risk assessments into the change management process - While it's a good thing, there's no guarantee that there will be any changes applied, thus initiating an assessment.
D. Integrating risk assessments into the change management process
upvoted 4 times
AaronS1990 (Highly Voted, 1 year, 3 months ago)
Booict (Most Recent, 2 months, 2 weeks ago)
Thavee (7 months, 1 week ago)
shervin2s (8 months ago)
AlexJacobson (9 months, 4 weeks ago)
6and0 (1 year, 2 months ago)
richck102 (1 year, 4 months ago)