Exam CISA topic 1 question 978 discussion

Actual exam question from Isaca's CISA
Question #: 978
Topic #: 1

Which of the following should be identified FIRST when assessing the maturity level of an organization’s vulnerability management practices?

  • A. Applicable IT governance framework
  • B. Key security team members to interview
  • C. Applicable security framework
  • D. Scope of vulnerability reports
Suggested Answer: C

Comments

Staanlee
Highly Voted 1 year, 10 months ago
Selected Answer: C
The correct answer is C, Applicable security framework. When assessing the maturity level of an organization's vulnerability management practices, it is important to identify the applicable security framework that the organization is using or following. A security framework is a set of guidelines, standards, and best practices that organizations can use to establish and maintain a secure environment for their information systems and networks. There are many different security frameworks available, such as the NIST Cybersecurity Framework (CSF), the ISO 27001 standard, and the Center for Internet Security (CIS) Controls. Identifying the applicable security framework will help to provide a benchmark or reference point for evaluating the organization's current vulnerability management practices and identifying areas for improvement.
upvoted 5 times
SuperMax
1 year, 1 month ago
Identifying the applicable security framework is crucial because it provides a structured and standardized set of guidelines, controls, and best practices that the organization should follow in its vulnerability management processes. This framework helps define the scope and requirements for vulnerability management within the organization. Once the applicable security framework is identified, you can then proceed to assess other aspects such as the IT governance framework (A), key security team members to interview (B), and the scope of vulnerability reports (D) within the context of that security framework.
upvoted 3 times
seokwanpil
1 year, 2 months ago
D is the answer because it comes first.
upvoted 1 times
KAP2HURUF
Most Recent 4 months ago
Selected Answer: D
Scope of Vulnerability Reports: Understanding the scope of vulnerability reports is fundamental to assessing the maturity of vulnerability management practices. This involves identifying what systems and applications are covered, the comprehensiveness of the reports, the frequency of vulnerability assessments, and how the findings are reported and addressed. This information provides a baseline for understanding the current state of vulnerability management and helps in determining the maturity level.
upvoted 1 times
FAGFUR
1 year ago
Selected Answer: C
Understanding the applicable security framework is a fundamental step in assessing the maturity level of an organization's vulnerability management practices.
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted