
Isaca CISM Exam - Topic 1 Question 79 Discussion

Actual exam question for Isaca's CISM exam
Question #: 79
Topic #: 1

Of the following, who is accountable for data loss in the event of an information security incident at a third-party provider?

Suggested Answer: A

Mitigate is the risk treatment option that has been applied by implementing a firewall in front of the legacy application because it helps to reduce the impact or probability of a risk. Mitigate is a process of taking actions to lessen the negative effects of a risk, such as implementing security controls, policies, or procedures. A firewall is a security device that monitors and filters the network traffic between the legacy application and the external network, blocking or allowing packets based on predefined rules. A firewall helps to mitigate the risk of unauthorized access, exploitation, or attack on the legacy application that cannot be patched. Therefore, mitigate is the correct answer.


https://simplicable.com/risk/risk-treatment

https://resources.infosecinstitute.com/topic/risk-treatment-options-planning-prevention/

https://www.enisa.europa.eu/topics/risk-management/current-risk/risk-management-inventory/rm-process/risk-treatment.

Contribute your Thoughts:

Detra
3 months ago
It's all about the service provider, no doubt about it!
upvoted 0 times
...
Darell
3 months ago
The information security manager should oversee everything, but not solely accountable.
upvoted 0 times
...
Jesus
3 months ago
Wait, how can the incident response team be accountable? That seems off.
upvoted 0 times
...
Luz
4 months ago
I think the business data owner should take some responsibility too.
upvoted 0 times
...
Rhea
4 months ago
Definitely the service provider that hosts the data.
upvoted 0 times
...
Devora
4 months ago
This is tricky! I recall similar questions where it was emphasized that the service provider holds a lot of responsibility, but what about the data owner?
upvoted 0 times
...
Gertude
4 months ago
I feel like the information security manager has some oversight, but ultimately it might come down to the business data owner.
upvoted 0 times
...
Avery
4 months ago
I remember a practice question where the incident response team was mentioned, but I don't think they are directly accountable for data loss.
upvoted 0 times
...
Carmelina
5 months ago
I think the service provider that hosts the data is usually accountable, but I'm not entirely sure if the business data owner has some responsibility too.
upvoted 0 times
...
Denna
5 months ago
I'm a bit confused on this. Is it the information security manager or the business data owner who is accountable? I'll need to weigh the options carefully.
upvoted 0 times
...
Stephaine
5 months ago
I'm confident I know the answer to this one. The service provider is responsible for the data, even if it's a third-party.
upvoted 0 times
...
Christiane
5 months ago
Okay, I think I've got this. The key is to identify who is ultimately accountable for the data, regardless of where it's hosted.
upvoted 0 times
...
Cathern
5 months ago
Hmm, I'm not entirely sure about this. I'll need to review my notes on information security incident response procedures.
upvoted 0 times
...
Wava
5 months ago
This seems like a tricky one. I'll need to think carefully about the responsibilities of each party involved.
upvoted 0 times
...
Stefania
5 months ago
Hmm, I'm a bit unsure about this one. I know black-box testing is about focusing on the program's external behavior rather than its internal workings, but I'm not totally sure which of these options best captures that. I'll have to think it through carefully.
upvoted 0 times
...
Hester
5 months ago
Hmm, this seems like a tricky one. I'm not entirely sure about the details of how Cisco SD-WAN redundancy works, but I'll give it my best shot and try to eliminate the incorrect options.
upvoted 0 times
...
Micaela
9 months ago
I don't know, man. I'm just hoping the correct answer isn't 'all of the above'. That would be a real plot twist, am I right?
upvoted 0 times
...
Maybelle
9 months ago
Hmm, I'm gonna have to go with the business data owner on this one. After all, they're the ones who decided to outsource their data, so they should be prepared to deal with the consequences.
upvoted 0 times
...
Juliann
10 months ago
The information security manager is the one who's supposed to be overseeing all this, so they should be the ones held accountable. No one else is gonna take the fall for their mistakes.
upvoted 0 times
Wilbert
8 months ago
The business data owner might also share some responsibility in ensuring data protection.
upvoted 0 times
...
Demetra
9 months ago
I agree, they are responsible for overseeing data security.
upvoted 0 times
...
Aide
9 months ago
The information security manager should definitely be held accountable.
upvoted 0 times
...
...
Sherman
10 months ago
I'm going with the incident response team on this one. They're the ones who are supposed to handle security incidents, so they should be the ones responsible.
upvoted 0 times
...
Marshall
10 months ago
Nah, it's definitely the service provider's responsibility. They're the ones hosting the data, so they should be the ones held accountable.
upvoted 0 times
Alexia
9 months ago
C) The incident response team
upvoted 0 times
...
Wilda
9 months ago
B) The service provider that hosts the data
upvoted 0 times
...
Aleisha
9 months ago
A) The information security manager
upvoted 0 times
...
...
Tequila
10 months ago
I think the business data owner should be accountable for data loss at a third-party provider. They're the ones who entrusted the data to the provider in the first place.
upvoted 0 times
Diego
9 months ago
D) The business data owner
upvoted 0 times
...
Viki
9 months ago
C) The incident response team
upvoted 0 times
...
Carole
9 months ago
B) The service provider that hosts the data
upvoted 0 times
...
Ma
10 months ago
A) The information security manager
upvoted 0 times
...
...
Brittni
10 months ago
But what about the service provider that hosts the data? Shouldn't they also be accountable?
upvoted 0 times
...
Pearlie
11 months ago
I agree with Laticia. The business data owner should be responsible for protecting the data.
upvoted 0 times
...
Laticia
11 months ago
I think the business data owner is accountable for data loss.
upvoted 0 times
...
