Welcome to Pass4Success


Isaca CISM Exam - Topic 2 Question 75 Discussion

Actual exam question for Isaca's CISM exam
Question #: 75
Topic #: 2

An organization's marketing department wants to use an online collaboration service that is not in compliance with the information security policy. A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:

Suggested Answer: D

The most effective course of action when employees are using free cloud storage services to store company data through their mobile devices is to assess the business need to provide a secure solution, such as a corporate-approved cloud service or a virtual desktop environment. Assessing the business need can help understand why employees are using free cloud storage services, what kind of data they are storing, and what are the security risks and requirements. Based on the assessment, the security manager can propose a secure solution that meets the business needs and complies with the BYOD policy. The other options, such as allowing the practice to continue, disabling remote access, or initiating remote wipe, may not address the underlying business need or may cause disruption or data loss. Reference:

https://www.digitalguardian.com/blog/byod-security-expert-tips-policy-mitigating-risks-preventing-breach

https://news.microsoft.com/en-xm/2021/03/18/how-to-have-secure-remote-working-with-a-byod-policy/

https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/-infosec-guide-bring-your-own-device-byod


Contribute your Thoughts:

Denae
3 months ago
Totally agree, senior management should have the final say!
upvoted 0 times
...
Gaston
3 months ago
Surprised this is even an option! Sounds risky.
upvoted 0 times
...
Katy
3 months ago
Isn't the information security manager supposed to be involved too?
upvoted 0 times
...
Laura
4 months ago
I think the chief risk officer should handle this.
upvoted 0 times
...
Shawana
4 months ago
Definitely needs approval from business senior management.
upvoted 0 times
...
Paz
4 months ago
The compliance officer seems important, but I don't recall them being the one to approve risk acceptance. I think it might be more senior management.
upvoted 0 times
...
Trina
4 months ago
I feel like the information security manager should have a say in this, but I'm not confident if they have the final approval authority.
upvoted 0 times
...
Lindsay
4 months ago
I remember a practice question where the CRO was mentioned as the one responsible for risk decisions. Could that be the right answer here?
upvoted 0 times
...
Gail
5 months ago
I think the approval for risk acceptance usually comes from senior management, but I'm not entirely sure if it has to be the business senior management specifically.
upvoted 0 times
...
Haydee
5 months ago
I'm feeling pretty confident about this one. Based on the information provided, the correct answer is B, business senior management. They have the authority to approve the risk acceptance, even though the service is not compliant with the security policy.
upvoted 0 times
...
Denna
5 months ago
This is a tricky one. I'm not entirely sure about the approval process, but I'm leaning towards option B, business senior management. They seem to have the final say on risk acceptance, even if the service isn't compliant with the security policy.
upvoted 0 times
...
Maia
5 months ago
Okay, I think I've got this. Since the risk assessment is being performed, the approval should come from the business senior management, as they have the authority to accept the risk. The other options like the CRO or compliance officer don't seem to fit as well.
upvoted 0 times
...
Macy
5 months ago
Hmm, I'm a bit confused on this one. The question mentions an online collaboration service that's not compliant with the security policy, but I'm not sure how that relates to the approval process. I'll need to think this through carefully.
upvoted 0 times
...
Merlyn
5 months ago
This seems like a straightforward risk assessment question. I'll review the information security policy and the risk assessment details to determine who has the authority to approve the risk acceptance.
upvoted 0 times
...
Lucina
5 months ago
Hmm, I'm a bit confused. The compareTo() method compares the names, but the toString() method returns a string with both the vehicle number and name. Will that affect the sorting order?
upvoted 0 times
...
Catarina
5 months ago
Hmm, I'm a little unsure about this one. The description sounds like it could also fit morality, which is option B. I'll have to think this through carefully before selecting an answer.
upvoted 0 times
...
Lynette
10 months ago
I don't know about you, but I'm just hoping the marketing department doesn't accidentally burn the place down while they're at it.
upvoted 0 times
Jaime
9 months ago
C) the information security manager.
upvoted 0 times
...
Zona
9 months ago
B) business senior management.
upvoted 0 times
...
Winfred
9 months ago
A) the chief risk officer (CRO).
upvoted 0 times
...
...
Harrison
10 months ago
The chief risk officer, hands down! That's what they're there for, to manage and mitigate all the risks the organization faces.
upvoted 0 times
Fausto
9 months ago
B) business senior management.
upvoted 0 times
...
Levi
10 months ago
I agree, the CRO is responsible for managing risks.
upvoted 0 times
...
Tijuana
10 months ago
A) the chief risk officer (CRO).
upvoted 0 times
...
...
Audry
10 months ago
Hmm, I'm going with the information security manager on this one. They're the ones who really understand the risks involved and can make an informed decision.
upvoted 0 times
Daniela
9 months ago
I agree with you, the information security manager is the best person to make this decision.
upvoted 0 times
...
Danica
9 months ago
The compliance officer should be the one to provide approval for risk acceptance.
upvoted 0 times
...
Berry
9 months ago
I believe business senior management should have the final say on this decision.
upvoted 0 times
...
Mica
10 months ago
I think the chief risk officer (CRO) should be the one to approve the risk acceptance.
upvoted 0 times
...
...
Arminda
10 months ago
Ah, the compliance officer, of course! They're the ones who have to make sure the organization stays within the rules, even if it means taking on some risk.
upvoted 0 times
...
Mertie
10 months ago
Well, this is a tricky one. I'd say the business senior management should approve the risk acceptance, as they're the ones who can best weigh the potential benefits and drawbacks.
upvoted 0 times
Tambra
10 months ago
I agree, the business senior management should have the final say.
upvoted 0 times
...
Lisbeth
10 months ago
I think the chief risk officer (CRO) should approve it.
upvoted 0 times
...
...
Tawanna
11 months ago
But shouldn't business senior management also be involved in approving risk acceptance?
upvoted 0 times
...
Junita
11 months ago
I agree with Loren, the CRO is responsible for managing risks.
upvoted 0 times
...
Loren
11 months ago
I think the approval should come from the chief risk officer (CRO).
upvoted 0 times
...
