Exam CISM topic 1 question 933 discussion

Actual exam question from Isaca's CISM
Question #: 933
Topic #: 1

Which of the following metrics would BEST monitor how well information security requirements are incorporated into the change management process?

  • A. Information security incidents caused due to unauthorized changes
  • B. Unauthorized changes in the environment
  • C. Denied changes due to insufficient security details
  • D. Information security-related changes
Suggested Answer: C

Comments

shootnot
4 months ago
The answer should be C. Choice A would have been correct if the question was 'How badly information security requirements are incorporated', choice B- not at all incorporated.
upvoted 1 times
...
yottabyte
5 months, 3 weeks ago
Selected Answer: C
C is the answer, incident may not occur at all for a long time, but the denied number of changes in change control due to lack of security shows the volume of change requests coming in and getting denied.
upvoted 2 times
...
ElDirec
6 months ago
Selected Answer: C
The question is about how well IS requirements are incorporated, so, for that, denied changes due to insufficient security details. If we wanted to know how bad we are doing, the metric would be A.
upvoted 4 times
...
Marcelus1714
7 months ago
Selected Answer: A
So the more changes you deny the better? or what is the metric? "A" makes more sense to me.
upvoted 2 times
pgonza
4 months, 1 week ago
"A" would be ideal if we want to determine how lazy we are at integrating IS in change management. Waiting for a bad thing to happen shows we are weak, not wellness
upvoted 1 times
...
...
AlexJacobson
7 months, 2 weeks ago
Selected Answer: A
Agreed with CISSPST.
upvoted 1 times
...
richck102
10 months, 4 weeks ago
C. Denied changes due to insufficient security details
upvoted 1 times
...
koala_lay
11 months ago
Selected Answer: C
C. Denied changes due to insufficient security details. This metric focuses on changes that are denied or rejected specifically because they lack sufficient security details. It indicates that the change management process is actively assessing whether proposed changes adequately address information security requirements. By tracking and monitoring the number of denied changes due to insufficient security details, an organization can gauge the effectiveness of its change management process in ensuring that information security requirements are properly incorporated. If a significant number of changes are being denied or rejected because their security details are insufficient, it suggests that the change management process is effectively considering and enforcing information security requirements. This metric encourages stakeholders to provide the necessary security details when proposing changes, reinforcing the importance of incorporating information security into the change management process.
upvoted 3 times
...
oluchecpoint
11 months, 1 week ago
Selected Answer: C
C. Denied changes due to insufficient security details. This metric measures the number of changes that were denied or rejected specifically because they lacked sufficient security details. Monitoring denied changes due to insufficient security details provides a direct indication of the effectiveness of incorporating information security requirements into the change management process. It shows that changes without adequate security considerations are being rejected, indicating a proactive approach to information security.
upvoted 2 times
...
CISSPST
11 months, 3 weeks ago
Selected Answer: A
When security requirements are not incorporated into change management processes, any vulnerabilities introduced during changes may go undetected, leading to security incidents. Therefore 'security incidents due to unauthorized changes' is the best metric in here.
upvoted 3 times
pgonza
4 months, 1 week ago
That would measure "how bad", not "how well" as the question states. Therefore correct answer is C
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other