After a long conversation with ChatGPT on this… I’m going to go with A. (I initially chose C)
A is using the word incidents. C is using the word alert, and alert doesn’t indicate that it is an incident. And D is just using the term event logs; events don’t necessarily mean incident.
An increase in incidents is an indicator of increased risk. So both A & B are incidents. B is only one category of incidents, and A represents many categories. I argued every option and I can see the point. Here is the conclusion if you want it.
While an increase in malware infections (Option B) does indicate heightened risk and should be addressed, security incidents reported by staff (Option A) remain the best overall indicator because they provide a more comprehensive view of the organization’s risk environment, including human-driven observations and incidents beyond malware. Both metrics are important, but incidents reported by staff are more reflective of broader organizational risk.
The answer should be B. The question clearly mentions a change in risk that may negatively impact the organization; increased reporting of incidents typically reflects a positive organizational response to security issues, such as heightened awareness and prompt reporting. Therefore, an increase in malware infections detected by anti-virus software indicates that the organization is experiencing more attacks, which could be a negative shift in the risk landscape. This suggests that malicious actors may be successfully penetrating the defenses, resulting in more infections. If this trend continues, it could significantly increase the organization’s exposure to data breaches or other malicious activities.
This indicates not only potential security issues but also reflects a broader spectrum of incidents beyond what automated tools can detect (C). These could include nuanced threats such as social engineering attacks, insider threats, or procedural failures, which often require human intelligence to notice and report.
A. These questions are more logic than security related. Security incidents reported by staff are a sure sign of a negative impact, since an incident is not an event. An event has to be proven; an incident already has been proven. Alerts and events are potentials, but a reported security incident is already proven to be not an event or a false positive alert.
Reported incidents are a healthy thing, because maybe the incidents were already there but were not reported before, so it is a little vague. As for the malware caught by the AM solution, it is a 100% increase in risk.
C.
A SIEM solution is designed to monitor and analyze security events and incidents across an organization's infrastructure. When there is an increase in alerts triggered by the SIEM solution, it suggests a rise in potentially suspicious or harmful activities within the organization's network or systems. These alerts can encompass a wide range of security events, including those related to malware infections (option B), security incidents reported by staff (option A), and events logged by intrusion detection systems (option D). Therefore, an increase in SIEM alerts is a comprehensive indicator of a changing risk landscape and potential threats to the organization's security.
The correct answer is A. security incidents reported by staff to the information security team.
Explanation: Among the options provided, an increase in the number of security incidents reported by staff to the information security team is the best indication of a change in risk that may negatively impact an organization.
Here's why this option is the best indication:
A. Security incidents reported by staff: An increase in the number of security incidents reported by staff indicates that employees are observing and reporting potential security issues. This increase could signify a change in the threat landscape, vulnerabilities, or attack attempts that may negatively impact the organization's security posture.
So the key here is "negatively impact an organization": the SIEM can find as many issues as it wants, but they may or may not affect the organization. However, if users are complaining, then it's already proof the organization has been affected.
C. alerts triggered by the security information and event management (SIEM) solution.
The SIEM solution is designed to collect, correlate, and analyze security events and logs from various sources within an organization's IT infrastructure. An increase in the number of alerts triggered by the SIEM solution indicates a higher volume of potentially suspicious or malicious activities occurring within the organization's environment. This can be an indication of a change in risk, as it suggests an elevated level of security incidents or potential threats that need to be investigated and addressed promptly.
C. alerts triggered by the security information and event management (SIEM) solution are the best indication of a change in risk that may negatively impact an organization. The SIEM solution monitors and analyzes events from multiple sources in real-time and generates alerts when it detects potential security incidents or threats. An increase in the number of alerts could indicate that the risk level has increased, and additional security controls may be necessary to mitigate the risk.
The correct answer is A, because if it is bad enough for a user to notice then that means it's painfully obvious and impacting the organization in a negative way.
Rationale
B. malware infections may be detected, but that doesn't mean they were successful.
C. excessive alerts triggered by a SIEM could be a sign of false positives.
D. excessive events logged by the intrusion detection system (IDS) could also point to false positives as well.
The best indication of a change in risk that may negatively impact an organization is an increase in the number of security incidents or breaches. An increase in the frequency or severity of security incidents suggests that the organization's risk environment has changed, and that existing controls may no longer be effective.
An increase in the number of security incidents reported by staff to the information security team is likely to be the best indication of a change in risk that may negatively impact an organization because it suggests that there is an increase in the number of security breaches or potential breaches that are being identified and reported by employees. This can indicate that there may be a weakness in the organization's security controls or that attackers are becoming more sophisticated in their attempts to penetrate the organization's defenses. Additionally, having a well-educated and informed staff who are reporting security incidents can help the organization to identify and respond to potential threats more quickly and effectively.