ISC2 Exam CISSP Topic 2 Question 58 Discussion

Actual exam question for ISC2's Certified Information Systems Security Professional exam

Question #: 58
Topic #: 2

[All Certified Information Systems Security Professional Questions]

Information Security Continuous Monitoring (1SCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management

decisions. Which of the following is the FIRST step in developing an ISCM strategy and implementing an ISCM program?

ADefine a strategy based on risk tolerance that maintains clear visibility into assets, awareness of vulnerabilities, up-to-date threat information, and mission/business impacts.

BConduct a vulnerability assessment to discover current threats against the environment and incorporate them into the program.

CRespond to findings with technical management, and operational mitigating activities or acceptance, transference/sharing, or avoidance/rejection.

DAnalyze the data collected and report findings, determining the appropriate response. It may be necessary to collect additional information to clarify or supplement existing monitoring data.

Show Suggested Answer

Suggested Answer: A

by Barrett at Aug 20, 2022, 11:27 PM

Limited Time Offer

25%

Off

Get Premium CISSP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!