Exam CISM topic 1 question 161 discussion

We talk about "First line" of defense, and it is "Validating the integrity" of personel instead of monitoring their activities that come after.

First line of defense is validating the integrity of personnel. It is covered under the review manual.

I Believe answer should be D since it consistency monitoring using SIEM solution such as UEBA activities which will help to detect the deviation of the normal operation user is doing

They are insiders (workers)so they have rightfully access to data and organization systems. D is the right answers

Whoever decided on D as the answer has obviously never had to work in a company with a Works Council. This would never be approved as a first line of defence

I believe the order would be: C validate the integrity of the people you are hiring, then: B, you have a good access control D, you monitor the activity So the FIRST is C..

"First line of defense" implying defense in depth. So first you do background checks, then you implement the rest. Therefore C.

I believe the answer is B. The way I am reading it is they are already on boarded and hired and the vetting process did not work. So in that case you need access controls. The wording here makes it more difficult. Seems like a poorly written question and having two answers that could potentially be correct makes it even worse.

B. Stringent and enforced access controls

FIRST line of defense against criminal insider activities, it means the criminal is already doing something, so first line it's monitoring. The other options are not effective when insider is in action.

B. Stringent and enforced access controls are the FIRST line of defense against criminal insider activities. Access controls are fundamental security measures that aim to restrict and manage access to critical systems, data, and resources within an organization. They are the primary means of preventing unauthorized individuals, including insiders with malicious intent, from accessing sensitive information or performing unauthorized actions.

B. Stringent and enforced access controls.

I like B here .C would be nice as well.

Just remember that anyone in a company that's ever stolen or leaked data had previously passed that company's background checks. It's not enough. The ONLY defense is securing your system and it should be the first thing that's done. A clear background check merely tells you that someone's never been caught...lol.

B. Stringent and enforced access controls. Validating the integrity of personnel is an important measure in addressing insider threats, but it is not the first line of defense. While it is crucial to ensure that individuals with high levels of trust and integrity are hired and retained within an organization, relying solely on personnel validation may not be sufficient to prevent or detect criminal insider activities. Implementing stringent and enforced access controls is considered the first line of defense because it focuses on controlling and limiting access to sensitive information and resources. Access controls help prevent unauthorized access and restrict individuals' privileges based on their roles and responsibilities.

Validating the integrity of personnel involves conducting thorough background checks, screening processes, and establishing trust in the individuals being hired or granted access to sensitive information or critical systems. By ensuring that individuals with a history of criminal activity or unethical behavior are not granted access to sensitive resources, organizations can mitigate the risk of insider threats.

B. Stringent and enforced access controls