Exam CISM topic 1 question 198 discussion

The "CISM Review Manual, 16th Edition eBook*" , section 4.2.20 states: "Lack of management buy-in and organizational consensus- Most challenges result from a lack of management buy-in..... When an incident occurs, the management response may not be provided as expected, thus hindering incident management efforts.

Just a hint to rule out some of the answer options: Often the naswer options mean the same thing, bit are described differently. In this case, B and C are the same as a misconfigured SIEM (answer C) is a inadequate detective control (answer B). Such answer options are most likely wrong! In this case answer A is right.

B. Inadequate detective control performance Inadequate detective control performance is the most likely factor to affect an organization's ability to respond to security incidents in a timely manner. Detective controls are a crucial component of a comprehensive cybersecurity strategy, as they help identify security incidents and threats as they occur or shortly after they happen.

B..The first stage in incident management is Identification and Detection.

Take note of the "Timely manner". and they're about to "Respond". It assumes that all controls are implemented but it was not properly setup. Correct answer is D

B. Inadequate detective control performance Inadequate detective control performance is the most likely factor to affect an organization's ability to respond to security incidents in a timely manner. Detective controls are a crucial component of a comprehensive cybersecurity strategy, as they help identify security incidents and threats as they occur or shortly after they happen.

IMHO is B due to the sentence “in a timely manner”, and the support of management doesn’t affect timing

The correct answer is B. Inadequate detective control performance. Explanation: Detective controls are security measures designed to identify and alert an organization about security incidents or breaches after they have occurred. If these controls are inadequate or not performing effectively, it can significantly impact an organization's ability to detect security incidents in a timely manner. Option A, "Lack of senior management buy-in," can impact the overall support and resources allocated to incident response efforts, but it is not as directly related to the technical ability to respond to incidents.

Keyword here is "organization". Had the question been about "an engineer's" ability to respond, then maybe B or C would be a better answer. But since this is referring to the entire org, then I believe management would be the factor causing the lack of resources, budget, best hiring practices, tooling, etc.

It is B.

A. Lack of senior management buy-in

All of the given options may affect an organization's ability to respond to security incidents in a timely manner, but the MOST likely one is B. Inadequate detective control performance. Detective controls are used to identify potential security incidents and initiate a response. If these controls are not performing effectively, incidents may go undetected or not be identified in a timely manner, which could significantly impact the organization's ability to respond to incidents in a timely manner.

Clearly A

The correct answer is A. Lack of senior management buy-in. A lack of buy-in from senior management can result in limited resources, insufficient budget allocation, and a lack of prioritization for incident response. This can negatively impact an organization's ability to respond to security incidents in a timely manner.