Exam CISM topic 1 question 134 discussion

keyword is "business advantage"

Improving access security (D) directly reduces the risk of unauthorized access, which can prevent data breaches, protect intellectual property, and maintain customer trust. These factors contribute to long-term business continuity and can potentially save the organization from significant financial and reputational damage. Reducing administrative workload (C) can indeed be a business advantage by freeing up IT resources and cutting down on administrative overhead. However, the primary justification for implementing security tokens often revolves around enhancing security first, with administrative benefits being a secondary advantage. In the context of CISM, the emphasis is often on the primary purpose of security controls, which is why D. improve access security is considered the best answer.

business wise

The question is asking what is the business advantage. This leaves you with either b or c. C is the best answer that coordinates with implementing authentication tokens. Improving security is not necessarily a direct business advantage.

D, "improve access security." Authentication tokens, such as one-time passwords (OTP), smart cards, or biometric tokens, enhance access security by adding an extra layer of authentication beyond just usernames and passwords. This makes it more difficult for unauthorized users to gain access to systems, applications, or data. Improved access security helps protect sensitive information, reduces the risk of data breaches, and can also enhance an organization's reputation for safeguarding customer data.

I'm torn between C and D. It asks for a BUSINESS advantage, but neither C or D are ideal. C - it is worded too vaguely, but it aligns with business part of the question. D - it is most correct, but improving access security is not a business thing, rather technical/security thing.

D for me. Is improving access security a business advantage? I would think so .. anyone? If it is not, then the answer is C

Nonrepudiation ensures that the identity of a user or device can be verified, That is the advantage of a token. It doesn't reduce cost, it doesn't reduce administrative load, it does improve access security but by way non providing nonrepudiation. Each token is unique

On exam practice tests the correct answer is D improve access security, Not C as shown as the correct answer here. FYI they may be in different orders.

D, "improve access security." Authentication tokens, such as one-time passwords (OTP), smart cards, or biometric tokens, enhance access security by adding an extra layer of authentication beyond just usernames and passwords. This makes it more difficult for unauthorized users to gain access to systems, applications, or data. Improved access security helps protect sensitive information, reduces the risk of data breaches, and can also enhance an organization's reputation for safeguarding customer data.

The only pure "business advantage" mentioned in the list is non-repudiation, which is of paramount importance in most business process. So A is the good response.

D. improve access security.

Authentication tokens improve access security by providing an additional layer of authentication beyond just a username and password. This helps to prevent unauthorized access to sensitive systems and information, which can help protect the business from data breaches and other security incidents.

Authentication tokens provide an additional layer of security beyond just a username and password. By using an authentication token, it is harder for an unauthorized user to gain access to a system, reducing the risk of data breaches and other security incidents. As a result, the primary business advantage of implementing authentication tokens is that they improve access security.

C. Administrative overhead No need for user account management activities renew password, password complexity, password reset etc..,

A security advantage would be D, however, it's asking for a business advantage which is C.

(D) Improve Access to security is the best option