B. Defense in depth
Defense in depth is considered the best strategy to implement an effective operational security posture. This approach involves layering multiple security measures and controls throughout an organization's infrastructure to provide multiple layers of protection. It goes beyond any single point of failure and helps mitigate various types of threats and vulnerabilities.
The answer is B. Defense in depth.
Defense in depth is a security strategy that involves layering multiple security controls at different stages of an attack to provide redundancy and make it more difficult for attackers to succeed. This strategy is often compared to peeling an onion, as each layer of defense must be breached before the attacker can reach the core asset.
Here's why the other options are not as effective:
A. Increased security awareness: While security awareness is important, it is not a standalone strategy for implementing an effective operational security posture. It needs to be combined with other security controls to provide a comprehensive defense.
The keyword is "strategy", and the only option that is one is (B) Defense in depth, as defense in depth is a strategy of how things should be done and why. As mentioned by MSKid, this means that Defense in Depth includes the rest.
Even if the others were strategies... the fact that defense in depth has multiple layers means that it should be able to succeed even if one fails, and this is incredibly useful for operations.
Rationale:
(A) Increased security awareness is a goal/objective
(C) Threat management is a process
(D) Vulnerability management is a process
A is my answer. This is the most *direct* response to the question and is something that is drilled into our heads for CISM studying; security awareness training is critical, as the #1 reason for incidents is employees not knowing enough about information security.
Defense in Depth is more a technological response referring to multiple layers of defense; however, Awareness is giving an idea of the Do's and Don'ts. I go with A.
Community vote distribution: A (35%), C (25%), B (20%), Other
Commenters (most recent first, after the highly voted comment):
MSKid (Highly Voted, 1 year, 11 months ago)
oluchecpoint (Most Recent, 9 months ago)
Cyberbug2021 (11 months, 1 week ago)
oluchecpoint (1 year, 1 month ago)
richck102 (1 year, 5 months ago)
dark_3k03r (1 year, 5 months ago)
dedfef (1 year, 7 months ago)
jaiz (1 year, 7 months ago)
Antonivs (1 year, 9 months ago)
Broesweelies (1 year, 9 months ago)
Prospect57 (1 year, 9 months ago)
SSP_Secure (1 year, 9 months ago)
Dorcy (2 years ago)
Cytrail (2 years ago)