Isaca CISM Exam - Topic 7 Question 77 Discussion

Actual exam question for Isaca's CISM exam
Question #: 77
Topic #: 7

Which of the following is the PRIMARY benefit of implementing an information security governance framework?

Suggested Answer: A

Mitigate is the risk treatment option that has been applied by implementing a firewall in front of the legacy application because it helps to reduce the impact or probability of a risk. Mitigate is a process of taking actions to lessen the negative effects of a risk, such as implementing security controls, policies, or procedures. A firewall is a security device that monitors and filters the network traffic between the legacy application and the external network, blocking or allowing packets based on predefined rules. A firewall helps to mitigate the risk of unauthorized access, exploitation, or attack on the legacy application that cannot be patched. Therefore, mitigate is the correct answer.


https://simplicable.com/risk/risk-treatment

https://resources.infosecinstitute.com/topic/risk-treatment-options-planning-prevention/

https://www.enisa.europa.eu/topics/risk-management/current-risk/risk-management-inventory/rm-process/risk-treatment.

Ty
3 months ago
A is the most straightforward benefit, can’t argue with that!
upvoted 0 times
...
Suzan
3 months ago
Wow, I didn’t realize D was even an option!
upvoted 0 times
...
Billye
3 months ago
C is interesting, but I think it’s more about security than revenue.
upvoted 0 times
...
Roslyn
4 months ago
I’m not sure about that, A seems more relevant to me.
upvoted 0 times
...
Casandra
4 months ago
Definitely B, it’s all about balancing risks and controls.
upvoted 0 times
...
Luis
4 months ago
I’m a bit confused; I thought the framework was mostly about risk management, so I’m leaning towards A or B, but I can't recall the exact details.
upvoted 0 times
...
Haydee
4 months ago
I feel like option C could also be a contender since maximizing revenue is important, but it seems more like a secondary benefit to me.
upvoted 0 times
...
Vicki
4 months ago
I remember practicing a question similar to this, and I think option B makes the most sense since it talks about balancing risks and controls with business goals.
upvoted 0 times
...
Elinore
5 months ago
I think the primary benefit is about defining responsibilities, but I'm not completely sure if that's the main focus of governance frameworks.
upvoted 0 times
...
Glenn
5 months ago
Option B stands out to me as the best answer. The framework is about aligning information security with the business, not just defining responsibilities or maximizing revenue.
upvoted 0 times
...
Dick
5 months ago
I'm a bit confused by the wording of the options. They all seem related to the benefits, but I'm not sure which one is the "PRIMARY" benefit. I'll need to re-read the question carefully.
upvoted 0 times
...
Eliseo
5 months ago
The primary benefit is that the framework provides direction to meet business goals while balancing risks and controls. This aligns with the need to secure technology use while supporting the organization's objectives.
upvoted 0 times
...
Rozella
5 months ago
This question seems straightforward, but I want to make sure I understand the key benefits of an information security governance framework before selecting an answer.
upvoted 0 times
...
Andree
5 months ago
I'm leaning towards option B. The framework is meant to guide the organization in managing information security risks in a way that supports the overall business strategy, not just maximizing revenue or confirming goals.
upvoted 0 times
...
Leota
5 months ago
This looks like a straightforward question about ensuring layer availability across multiple Citrix sites. I think I've got a good handle on the different options presented.
upvoted 0 times
...
Andrew
5 months ago
Okay, I think I've got it. App Engine seems like the best choice here since it will allow us to easily stage and promote new versions of the application without having to worry about the underlying infrastructure.
upvoted 0 times
...
Jaclyn
9 months ago
Who cares about the business goals? I just want to hack the system and make a quick buck. Oh wait, this is a serious exam. Definitely go with B.
upvoted 0 times
Zena
8 months ago
User 4: Definitely go with B.
upvoted 0 times
...
Latricia
8 months ago
User 3: I agree with Latricia. Option B is the best choice for implementing an information security governance framework.
upvoted 0 times
...
Theola
8 months ago
User 2: Theola, that's not the right approach. We should prioritize balancing risks and controls to meet business goals.
upvoted 0 times
...
Edelmira
8 months ago
User 1: Who cares about the business goals? I just want to hack the system and make a quick buck.
upvoted 0 times
...
...
Whitley
9 months ago
A is not bad, but it feels a bit limiting. B covers the broader picture of aligning security with business objectives.
upvoted 0 times
Bobbye
8 months ago
User 3: B sounds like the best option for overall effectiveness.
upvoted 0 times
...
Caitlin
8 months ago
User 2: I agree, but B covers a broader perspective on aligning security with business goals.
upvoted 0 times
...
Deeanna
8 months ago
User 1: I think A is good for defining responsibilities.
upvoted 0 times
...
...
Bong
10 months ago
Hmm, D sounds like it could be useful, but I don't think that's the PRIMARY benefit. I'll have to go with B on this one.
upvoted 0 times
...
Jimmie
10 months ago
Option C sounds tempting, but let's be real, security is about protecting the business, not maximizing revenue. B is the way to go.
upvoted 0 times
Johna
9 months ago
C) The framework provides a roadmap to maximize revenue through the secure use of technology.
upvoted 0 times
...
Paulina
9 months ago
B) The framework provides direction to meet business goals while balancing risks and controls.
upvoted 0 times
...
Justine
9 months ago
A) The framework defines managerial responsibilities for risk impacts to business goals.
upvoted 0 times
...
...
Glenna
10 months ago
The primary benefit is clearly B. The framework provides direction to meet business goals while balancing risks and controls. Anything else is just a secondary consideration.
upvoted 0 times
Corazon
9 months ago
True, but ultimately option B is what helps achieve business goals while managing risks.
upvoted 0 times
...
Viva
9 months ago
I think option A is also important, as it defines managerial responsibilities for risk impacts.
upvoted 0 times
...
Kris
9 months ago
I agree, option B is definitely the primary benefit.
upvoted 0 times
...
...
Rosalind
10 months ago
I believe B) The framework provides direction to meet business goals while balancing risks and controls is also important. It helps in achieving business objectives while managing risks.
upvoted 0 times
...
Sena
10 months ago
I agree with Ozell. Having clear responsibilities is crucial for effective information security governance.
upvoted 0 times
...
Ozell
11 months ago
I think the primary benefit is A) The framework defines managerial responsibilities for risk impacts to business goals.
upvoted 0 times
...
