CISM Certified Information Security Manager – Question0599
Security monitoring mechanisms should PRIMARILY: A. focus on business-critical information. B. assist owners to manage control risks. C. focus on detecting network intrusions. D. record all security violations.
Correct Answer: A
Explanation:
Explanation:
Security monitoring must focus on business-critical information to remain effectively usable by and credible to business users. Control risk is the possibility that controls would not detect an incident or error condition, and therefore is not a correct answer because monitoring would not directly assist in managing this risk. Network intrusions are not the only focus of monitoring mechanisms; although they should record all security violations, this is not the primary objective.
Please disable your adblocker or whitelist this site!