New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CIPS L6M7 Exam - Topic 1 Question 3 Discussion

Actual exam question for CIPS's L6M7 exam
Question #: 3
Topic #: 1
[All L6M7 Questions]

Alicia is aware of the dangers of IT hacking and has therefore created a risk assessment to assess how susceptible her business is to this threat. In her risk assessment, she has considered her employees and suppliers. Is this the correct thing to do?

Show Suggested Answer Hide Answer
Suggested Answer: C

While it is important to consider employees and suppliers, cybersecurity risks can exist at various points in the supply chain. Alicia needs to assess potential threats at every stage. A risk assessment alone does not protect against threats (Option B is incorrect), and there is no indication that a third party must complete the assessment (Option D). (P.154)


by Nidia at Feb 12, 2025, 02:01 AM

Limited Time Offer

25%

Off

Get Premium L6M7 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Clemencia
3 months ago
I’m surprised she didn’t consider more areas, like software vulnerabilities!
upvoted 0 times
...
Huey
3 months ago
Wait, why not get a third party to do the assessment? Seems safer.
upvoted 0 times
...
Dean
3 months ago
A risk assessment is definitely a smart move for any business.
upvoted 0 times
...
Cecily
4 months ago
I think she should look at the whole supply chain too.
upvoted 0 times
...
Derrick
4 months ago
Totally agree, employees are the main target for hackers!
upvoted 0 times
...
Maybelle
4 months ago
I feel like just focusing on employees and suppliers might overlook other vulnerabilities. Shouldn't she also look at her IT infrastructure?
upvoted 0 times
...
An
4 months ago
I practiced a similar question where the focus was on third-party risks. I wonder if Alicia's assessment is enough without external input.
upvoted 0 times
...
Jeanice
4 months ago
I'm not entirely sure, but I think a comprehensive risk assessment should include the entire supply chain, right?
upvoted 0 times
...
Erasmo
5 months ago
I remember discussing how employees are often the weakest link in cybersecurity, so I think considering them makes sense.
upvoted 0 times
...
Jeanice
5 months ago
This seems straightforward. Alicia is right to consider employees and suppliers, but she should also look at risks throughout the supply chain. Option C is the way to go.
upvoted 0 times
...
Precious
5 months ago
I'm a little confused by this question. Does the risk assessment have to be done by a third party, or can Alicia do it herself? I'm leaning towards C, but I'm not 100% sure.
upvoted 0 times
...
Helga
5 months ago
Okay, I think I understand the key here. Alicia needs to look at the whole supply chain, not just her own employees. Option C seems like the best choice to me.
upvoted 0 times
...
Joanne
5 months ago
Hmm, I'm a bit unsure about this one. I know risk assessment is important, but I'm not sure if considering just employees and suppliers is enough. Maybe I should re-read the question carefully.
upvoted 0 times
...
Quentin
5 months ago
This seems like a straightforward question about risk assessment. I think I've got a good handle on this topic, so I'll go with option C.
upvoted 0 times
...
Lindsey
12 months ago
I'm gonna have to go with C. Alicia can't just focus on her own employees - the suppliers could be the Achilles' heel. Gotta watch out for those shady third-party vendors, am I right?
upvoted 0 times
...
Arleen
12 months ago
D all the way! A third-party assessment would be much more thorough and unbiased. Alicia might be missing something if she does it herself. Plus, it'll make the company look more legit.
upvoted 0 times
...
Nickolas
12 months ago
But shouldn't Alicia also consider risks throughout the supply chain? I think option C is also important.
upvoted 0 times
...
Arminda
12 months ago
I'll go with B. A risk assessment is a great first step to protecting the company, even if it doesn't cover the whole supply chain. Baby steps, you know?
upvoted 0 times
Johna
11 months ago
User 2: Yeah, I agree. It's better to have some protection in place than none at all.
upvoted 0 times
...
Samira
11 months ago
User 1: I think B is the best option. It's important to start somewhere with a risk assessment.
upvoted 0 times
...
Carol
11 months ago
It's important to take steps to protect the company from cyber threats.
upvoted 0 times
...
Shawna
12 months ago
I agree, starting with a risk assessment is a good idea.
upvoted 0 times
...
...
Destiny
12 months ago
I agree with you, Aileen. It's important to assess all potential vulnerabilities to protect the business from cyber threats.
upvoted 0 times
...
Aileen
1 year ago
I think Alicia is doing the right thing by considering her employees and suppliers in the risk assessment.
upvoted 0 times
...
Nadine
1 year ago
Totally agree with C - the supply chain is a critical part of the risk assessment and shouldn't be overlooked. Hackers will target any weak link.
upvoted 0 times
Teri
11 months ago
Agreed, a comprehensive risk assessment should include all potential vulnerabilities, including those in the supply chain.
upvoted 0 times
...
Berry
11 months ago
Absolutely, hackers will target any weak link they can find. Alicia needs to be thorough in her risk assessment.
upvoted 0 times
...
Claudia
12 months ago
I think Alicia should also consider risks throughout the supply chain. It's important to cover all bases.
upvoted 0 times
...
Ryan
12 months ago
Yes, I agree with C too. The supply chain is definitely a weak link that hackers can exploit.
upvoted 0 times
...
...

Save Cancel