exam questions

Exam CISM All Questions

View all questions & answers for the CISM exam

Exam CISM topic 1 question 610 discussion

Actual exam question from Isaca's CISM
Question #: 610
Topic #: 1
[All CISM Questions]

An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall security strategy should be based on:

  • A. risk assessment results.
  • B. international security standards.
  • C. the most stringent requirements.
  • D. the security organization structure.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Souvik124
Highly Voted 2 years, 4 months ago
In this scenario, the overall security strategy should be based on the most stringent requirements, which means complying with the security laws and regulations of the country where the new office is located.
upvoted 12 times
xcjxcj
1 year, 4 months ago
In this case, we should create local version of policy and standards, but not changing strategy
upvoted 3 times
...
...
lj22HI
Most Recent 3 weeks, 4 days ago
Selected Answer: A
The perspective that risk assessment results are the primary basis for the security strategy is valid because a thorough risk assessment, which incorporates regulatory requirements, provides the data-driven foundation for informed decision-making and ensures that security controls are aligned with the organization's specific risks and business objectives.
upvoted 1 times
...
shogun1204
1 month, 2 weeks ago
Selected Answer: A
The security strategy should be risk-based, considering the organization's unique operational environment, threat landscape, and compliance obligations. A risk assessment evaluates the actual risks posed by the new environment, including local laws, threats, and business impacts. While compliance with laws (sometimes the most stringent) is critical, the overall strategy must balance risk, business objectives, and resources.
upvoted 1 times
...
SHERLOCKAWS
3 months, 2 weeks ago
Selected Answer: A
Answer is A: Because a risk assessment provides the data-driven foundation to align the security strategy with business needs, legal obligations, and threat exposure in both countries. A risk-based approach ensures controls are proportional and justified.
upvoted 2 times
...
Josef4CISM
6 months ago
Selected Answer: A
I strongly disagree with C. Information security should be appropriate, meaning that controls that are overly excessive should not be applied. By adopting the most stringent requirements from a local country to a global organization, all other regional business units may need to implement unnecessary stringent controls. Instead, the security manager should conduct a risk assessment and identify appropriate measures as a next step (risk based approach - balancing cost and benefits).
upvoted 2 times
...
d7a2ba6
6 months, 3 weeks ago
Selected Answer: A
You do a risk assessment and only follow the stringent (expensive) regulation if it is worth following. (The penalty is higher than the cost of implementing the regulation).
upvoted 1 times
...
Booict
10 months, 2 weeks ago
Selected Answer: C
My answer is C
upvoted 2 times
...
03allen
1 year ago
Selected Answer: C
base on the most restricted if you cannot provide a local policy.
upvoted 1 times
...
Thavee
1 year, 2 months ago
Selected Answer: C
Agreed with C, but in the real life, it would be costly if my pool of customers from 20 countries, only one is most stringent. That meant i will have to rework on my others e-commerce sites.
upvoted 1 times
...
xcjxcj
1 year, 4 months ago
Selected Answer: A
A. is correct. I think most people selected C because local regulations should override on company security policies. But C is saying most stringent requirement, which is not regulation or compliance. imagine all your doc can be only viewed after 2 levels of decryption. (C)
upvoted 1 times
...
POWNED
1 year, 5 months ago
Selected Answer: C
I believe the answer is C. Why I believe this is C because its asking what the security strategy will be based off of. Once you have understanding of the security requirements (C) you will then do a risk assessment to find the gaps. If you go straight to a risk assessment you will have no idea what requirements need to be met.
upvoted 2 times
...
Marcovic00
1 year, 7 months ago
Selected Answer: A
compliance can be treated as any other risk
upvoted 1 times
...
bradseth
1 year, 9 months ago
Selected Answer: C
C based on the question
upvoted 1 times
...
CISSPST
1 year, 9 months ago
Selected Answer: C
PFB the excerpt from ISACA Review Manual 16th ed. Page 32 1.3 "......the global enterprise may need to establish different security strategies for each regional division, or it can base policy on the most RESTRICTIVE requirements to be consistent across the enterprise."
upvoted 4 times
...
koala_lay
1 year, 9 months ago
Selected Answer: A
In the scenario described, the overall security strategy should be based on: A. Risk assessment results. When expanding operations to a new country with stringent security laws, it is important to conduct a comprehensive risk assessment specific to the new environment. This assessment should identify and evaluate potential risks, vulnerabilities, and threats associated with the new office and its operations. By conducting a risk assessment, the organization can gain insights into the specific security challenges and requirements posed by the new country's security laws. It allows the organization to prioritize and address risks effectively, tailor security measures to the local context, and allocate resources appropriately.
upvoted 2 times
...
MacDanorld
1 year, 9 months ago
Selected Answer: A
I will go with A. Security strategy should be based on reducing risk to acceptable level and not regulatory compliance
upvoted 3 times
Thavee
1 year, 2 months ago
the question said "stringent security laws"
upvoted 1 times
...
...
oluchecpoint
1 year, 10 months ago
Selected Answer: C
Option C
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...