Exam CISM topic 1 question 26 discussion

Actual exam question from Isaca's CISM
Question #: 26
Topic #: 1

A legacy application does not comply with new regulatory requirements to encrypt sensitive data at rest, and remediating this issue would require significant investment. What should the information security manager do FIRST?

  • A. Assess the business impact to the organization.
  • B. Present the noncompliance risk to senior management.
  • C. Investigate alternative options to remediate the noncompliance.
  • D. Determine the cost to remediate the noncompliance.
Suggested Answer: A

Comments

CISSPST
Highly Voted 6 months, 1 week ago
The action plan for non-compliance would follow the below order: A. Assess the business impact to the organization. C. Investigate alternative options to remediate the noncompliance. D. Determine the cost to remediate the noncompliance. B. Present the noncompliance risk to senior management.
upvoted 6 times
...
Viperhunter
Most Recent 3 months, 3 weeks ago
Selected Answer: A
Before taking any action, it's essential to understand the potential impact of the noncompliance on the organization. Assessing the business impact involves considering the regulatory consequences, potential legal risks, reputational damage, and any other factors that could affect the organization. This assessment provides a foundation for informed decision-making and helps prioritize actions based on the level of risk and impact. While presenting the noncompliance risk to senior management (option B), investigating alternative options (option C), and determining the cost to remediate (option D) are important steps, understanding the business impact helps in framing the issue within the broader context of organizational priorities and risk tolerance.
upvoted 1 times
...
richck102
10 months ago
A. Assess the business impact to the organization.
upvoted 1 times
...
Antonivs
1 year, 1 month ago
Selected Answer: A
A, rest for later phases
upvoted 2 times
...
Broesweelies
1 year, 2 months ago
Selected Answer: A
A is correct
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other