Exam CISA topic 1 question 844 discussion

Actual exam question from Isaca's CISA

Question #: 844
Topic #: 1

An IS auditor finds ad hoc vulnerability scanning is in place with no clear alignment to the organization's wider security threat and vulnerability management program. Which of the following would BEST enable the organization to work toward improvement in this area?

A. Outsourcing the threat and vulnerability management function to a third party
B. Maintaining a catalog of vulnerabilities that may impact mission-critical systems
C. Using a capability maturity model to identify a path to an optimized program
D. Implementing security logging to enhance threat and vulnerability management

Show Suggested Answer

Suggested Answer: C 🗳️

by 3008 at Dec. 2, 2023, 6:03 a.m.

Comments

Submit Cancel

3008

1 month, 1 week ago

Selected Answer: C

The scenario presented in the question highlights a gap in the organization's security threat and vulnerability management program. The ad hoc vulnerability scanning approach without clear alignment to the program could result in security vulnerabilities being overlooked or not addressed promptly, leaving the organization exposed to potential threats. The BEST option to address this issue is to implement a capability maturity model (CMM) to identify a path to an optimized program. A capability maturity model provides a framework to assess an organization's current level of maturity in a particular area and identify opportunities for improvement. In this case, a CMM for security threat and vulnerability management would enable the organization to evaluate its current practices and identify areas for improvement, leading to the development of a more robust and effective program

upvoted 2 times

...

Exam CISA All Questions

View all questions & answers for the CISA exam

Exam CISA topic 1 question 844 discussion

Comments

3008

SY0-701