oh man, don't you just LOVE all those random chatgpt/bard/copilot answers being plastered all over the discussion sections... This sht it killing the site value!...
Anyway, I think it's D. You're monitoring what's going on in the wild lands and based on that you figure out the risks and adjust controls where necessary (maintaining an "appropriate security controls environment").
Answer is C: Because it ensures the security control environment is comprehensive, standardized, and scalable, which is essential for effective risk management and governance.
Monitoring of the threat landscape helps in adjusting controls, but doesn’t establish a baseline or structured control environment.
Answer D is correct: By monitoring the threat landscape, the security manager is able to assess the applicability of threats. If he sees a threat as applicable, may assess whether there is any vulnerability that results in a risk.
Referring to a best practice framework can help, but its likely that many controls from the best practice framework are not needed, since there is no applicable use case.
Best answer here is D. Its always scary seeing training involved in a question. At that point you have to dive into the meat of the question to address every word in the question.
An industry security framework such as NIST-CSF would help maintaining an 'appropriate' security controls environment. All other answers are addressed in a security framework.
All of the options listed - periodic employee security training, budgetary support for security, alignment to an industry security framework, and monitoring of the threat landscape - can contribute to maintaining an appropriate security control environment. However, if we have to choose the option that best enables an organization to maintain an appropriate security control environment, it would likely be:
C. Alignment to an industry security framework.
Alignment to an industry security framework provides a structured and comprehensive approach to establishing and maintaining security controls. Industry security frameworks, such as ISO 27001, NIST Cybersecurity Framework, or CIS Controls, offer guidelines, best practices, and standards that organizations can follow to establish effective security controls.
C. Alignment to an industry security framework
Alignment to an industry security framework provides a structured and comprehensive approach to security controls. It helps organizations establish a strong foundation for security by following best practices and standards specific to their industry. This approach ensures that the organization is addressing known security risks and vulnerabilities effectively.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
AlexJacobson
Highly Voted 8 months, 2 weeks agoSHERLOCKAWS
Most Recent 1 week, 3 days agoJosef4CISM
2 months, 2 weeks agoshootnot
4 months, 3 weeks agoyottabyte
6 months, 2 weeks agoPOWNED
8 months, 1 week agoSHERLOCKAWS
10 months agoSoleandheel
10 months, 2 weeks agoCyberbug2021
10 months, 3 weeks agoBl1024
10 months, 4 weeks agokoala_lay
12 months agorichck102
1 year agowickhaarry
1 year agooluchecpoint
1 year, 1 month ago