Exam CISM topic 1 question 243 discussion

D - Vulnerability control are easier and there should be no unauthorized configuration which introduced new vulnerability/threats

D. Control vulnerabilities and reduce threats from changed configurations.

D. Control vulnerabilities and reduce threats from changed configurations. Implementing standard security configurations involves defining and applying a set of predetermined, secure configuration settings for systems, applications, and network devices. By doing so, the organization aims to establish a baseline security posture that aligns with industry best practices and security standards. The primary goal is to control vulnerabilities and reduce threats that may arise from deviations or unauthorized changes in system configurations. Standard security configurations help ensure consistency and enforce security controls across the organization's IT infrastructure. By maintaining consistent and secure configurations, organizations can minimize the risk of exploitable vulnerabilities and improve their overall security posture.

The Correct answer is D: Control vulnerabilities and reduce threats from changed configurations. A. Standards are not flexible, you either comply or you don't B. This is an advantage, but not a security advantage. C. This is something you can do but is not the primary objective D. Standards are meant to reduce variance. So this will reduce configuration risk and control the vulnerabilities.

D. it is quite clear and self-explaining

D is correct

need for gap analysis.