
Isaca CISM Exam - Topic 6 Question 64 Discussion

Actual exam question for Isaca's CISM exam
Question #: 64
Topic #: 6
[All CISM Questions]

Which of the following is the PRIMARY role of the information security manager in application development?

A) To ensure security is integrated into the system development life cycle (SDLC)
B) To ensure compliance with industry best practice
C) To ensure enterprise security controls are implemented
D) To ensure control procedures address business risk

Suggested Answer: A

When preventive controls to appropriately mitigate risk are not feasible, the most important action for the information security manager is to manage the impact, which means taking measures to reduce the likelihood or severity of the consequences of the risk. Managing the impact can involve using alternative controls, such as engineering, administrative, or personal protective controls, that can lower the exposure or harm to the organization. The other options, such as identifying unacceptable risk levels, assessing vulnerabilities, or evaluating potential threats, are part of the risk assessment process, but they are not actions to mitigate risk when preventive controls are not feasible. Reference:

https://bcmmetrics.com/risk-mitigation-evaluating-your-controls/

https://www.osha.gov/safety-management/hazard-prevention

https://www.cdc.gov/niosh/topics/hierarchy/default.html


Contribute your Thoughts:

Malcolm
3 months ago
D sounds good, but isn't it more about the overall security strategy?
upvoted 0 times
Wenona
3 months ago
Wow, I didn't realize how much security impacts development!
upvoted 0 times
Catarina
3 months ago
C is crucial too, but I think A is the primary focus.
upvoted 0 times
Martina
4 months ago
I’m not so sure, B seems just as important for compliance.
upvoted 0 times
Kristofer
4 months ago
Definitely A, integrating security in SDLC is key!
upvoted 0 times
Alpha
4 months ago
I’m leaning towards ensuring control procedures address business risk, but I could see how integrating security into the SDLC is also critical.
upvoted 0 times
Trevor
4 months ago
I feel like implementing enterprise security controls is important too, but it might not be the main focus during development.
upvoted 0 times
Genevive
4 months ago
I remember a practice question that focused on compliance with industry best practices, but that might be more of a secondary role.
upvoted 0 times
Merri
5 months ago
I think the primary role is to ensure security is integrated into the SDLC, but I'm not completely sure.
upvoted 0 times
Gregg
5 months ago
I'm feeling pretty confident about this one. Based on my understanding, the information security manager's primary role in application development is to ensure security is integrated into the SDLC. That seems like the most fundamental and important responsibility.
upvoted 0 times
Nakisha
5 months ago
I'm a little confused by this question. All the options seem relevant to the information security manager's role, so it's hard to pick just one as the "primary" responsibility. I'll need to think this through carefully.
upvoted 0 times
Claudia
5 months ago
Okay, I think I've got this. The primary role of the information security manager is to ensure security is integrated into the system development life cycle (SDLC). That makes the most sense to me as the core responsibility.
upvoted 0 times
Winifred
5 months ago
Hmm, I'm a bit unsure about this one. The options all seem related to the information security manager's role, but I'm not sure which one is the "primary" responsibility. I'll need to re-read the question and options closely.
upvoted 0 times
Devon
5 months ago
This seems like a straightforward question about the role of the information security manager in application development. I'll need to carefully consider the options and think about which one best describes the primary responsibility.
upvoted 0 times
Aleta
5 months ago
I'm a bit confused by the different options. I'll need to double-check the schema and make sure I understand how to properly associate a device with the AddUser operation.
upvoted 0 times
Yuki
5 months ago
Hmm, I'm a bit unsure about this one. I know ulimit is used for setting resource limits, but I can't remember if it's specifically for core file size. I'll have to think this through carefully.
upvoted 0 times
Elke
5 months ago
My notes say DNS plays a key role in routing decisions, so I'm leaning towards true for this one!
upvoted 0 times
Brendan
5 months ago
Hmm, I'm a bit unsure about this one. I know the contract is important, but I'm not sure if that's the only mechanism the customer has. Let me re-read the question and think through the options.
upvoted 0 times
Hayley
10 months ago
I'm with Dorthy on this one. The security manager's job is to make sure the developers don't accidentally unleash a new cybersecurity nightmare. Option A is the way to go, folks!
upvoted 0 times
Claudia
8 months ago
C) To ensure enterprise security controls are implemented
upvoted 0 times
Martina
8 months ago
B) To ensure compliance with industry best practice
upvoted 0 times
Chana
8 months ago
D) To ensure control procedures address business risk
upvoted 0 times
Tamar
8 months ago
C) To ensure enterprise security controls are implemented
upvoted 0 times
Daniel
9 months ago
A) To ensure security is integrated into the system development life cycle (SDLC)
upvoted 0 times
Fanny
9 months ago
A) To ensure security is integrated into the system development life cycle (SDLC)
upvoted 0 times
Bronwyn
10 months ago
While the other options are important, option A really gets to the heart of the matter. Security should be a fundamental part of the development process, not an afterthought.
upvoted 0 times
Cecil
8 months ago
I agree, security should definitely be integrated into the development process.
upvoted 0 times
Leota
9 months ago
D) To ensure control procedures address business risk
upvoted 0 times
Una
9 months ago
C) To ensure enterprise security controls are implemented
upvoted 0 times
Alecia
10 months ago
A) To ensure security is integrated into the system development life cycle (SDLC)
upvoted 0 times
Dorthy
10 months ago
Haha, good one. The information security manager's role is to ensure the developers don't accidentally create the next 'Heartbleed' or 'Shellshock' disaster. Option A all the way!
upvoted 0 times
Ellen
10 months ago
I'm leaning towards option D. At the end of the day, the security manager needs to make sure the controls address the actual business risks, not just some generic industry standards.
upvoted 0 times
Jeff
10 months ago
User 2: I agree, but I still think D is the primary role to address specific business risks.
upvoted 0 times
Lezlie
10 months ago
User 1: I think option A is also important to make sure security is integrated from the start.
upvoted 0 times
Marci
10 months ago
User 2: I agree with you, but I also think option D is important to address specific business risks.
upvoted 0 times
Cora
10 months ago
User 1: I think option A is the primary role, security should be integrated into the development process.
upvoted 0 times
Dan
10 months ago
But what about ensuring compliance with industry best practice? That's also crucial for security.
upvoted 0 times
Melissa
10 months ago
I agree with Frederica. It's important to have security from the beginning of development.
upvoted 0 times
Flo
11 months ago
Option A is the clear winner here. The information security manager's primary role is to make sure security is baked into the SDLC from the ground up. Anything less is just playing catch-up.
upvoted 0 times
Leah
9 months ago
D) To ensure control procedures address business risk
upvoted 0 times
Raylene
9 months ago
C) To ensure enterprise security controls are implemented
upvoted 0 times
Temeka
10 months ago
A) To ensure security is integrated into the system development life cycle (SDLC)
upvoted 0 times
Frederica
11 months ago
I think the primary role is to ensure security is integrated into the SDLC.
upvoted 0 times