ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CRISC All Questions

View all questions & answers for the CRISC exam
Go to Exam

Exam CRISC topic 1 question 1615 discussion

Actual exam question from Isaca's CRISC
Question #: 1615
Topic #: 1
[All CRISC Questions]

Which of the following deficiencies identified during a review of an organization’s cybersecurity policy should be of MOST concern?

  • A. The policy has gaps against relevant cybersecurity standards and frameworks.
  • B. The policy lacks specifics on how to secure the organization's systems from cyberattacks.
  • C. The policy has not been reviewed by the cybersecurity team in over a year.
  • D. The policy has not been approved by the organization's board.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Joloms at Feb. 8, 2024, 4:43 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
d3a225d
1 month, 2 weeks ago
Selected Answer: D
D. The policy has not been approved by the organization's board.
upvoted 1 times
...
Sara98
4 months, 2 weeks ago
Selected Answer: D
Board approval is crucial for demonstrating the organization's commitment to cybersecurity and ensuring that the policy aligns with the overall business strategy. A policy that has not been approved by the board may not be fully implemented or supported by senior management, which can weaken its effectiveness.
upvoted 1 times
...
Jecalyn
9 months, 3 weeks ago
Selected Answer: D
policy has not been approved should be the MOST concern
upvoted 1 times
...
Joloms
11 months, 1 week ago
ll of the deficiencies mentioned are concerning, but the one that should be of MOST concern is: D. The policy has not been approved by the organization's board. Approval by the organization's board is crucial because it signifies high-level acknowledgment and commitment to the cybersecurity policy. Without board approval, the policy may lack the necessary authority, resources, and enforcement mechanisms to be effectively implemented throughout the organization. This deficiency indicates a fundamental gap in governance and oversight, which can undermine the organization's ability to effectively address cybersecurity risks.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago