Exam CISM topic 1 question 579 discussion

Clealy, D.

SOC is the greatest.

D, as it includes A, B, C

D. Fully operational security operations center (SOC). A fully operational security operations center (SOC) is a dedicated facility or team responsible for monitoring, detecting, analyzing, and responding to security incidents in real-time. It employs a combination of technology, processes, and skilled personnel to provide comprehensive security monitoring and incident response capabilities.

D. Fully operational security operations center (SOC) A fully operational Security Operations Center (SOC) is dedicated to monitoring, detecting, analyzing, and responding to security incidents and threats in real-time. It typically combines advanced technologies, skilled personnel, and established processes to provide comprehensive security monitoring and incident response capabilities. A SOC is specifically designed to detect and contain security incidents promptly, making it the most robust choice among the options listed. Note: Security Information and Event Management (SIEM) systems (Option C) are valuable for log and event analysis but may require a SOC to effectively manage and respond to incidents detected by the SIEM.

D. Fully operational security operations center (SOC)

A security information and event management (SIEM) system (option C) is a valuable tool for aggregating and analyzing security event logs from various sources. It aids in the detection and analysis of security incidents. However, a SIEM system alone may not provide the same level of assurance as a fully operational SOC, which encompasses not only the technology but also the human expertise and response capabilities.

It's great to have a fully functioning SIEM but if there's no one to monitor and manage it then is it the greatest assurance? My vote is for the SOC.

Its D only