CISM Certified Information Security Manager – Question0260
What mechanisms are used to identify deficiencies that would provide attackers with an opportunity to compromise a computer system? A. Business impact analyses B. Security gap analyses C. System performance metrics D. Incident response processes
Correct Answer: B
Explanation:
Explanation:
A security gap analysis is a process which measures all security controls in place against typically good business practice, and identifies related weaknesses. A business impact analysis is less suited to identify security deficiencies. System performance metrics may indicate security weaknesses, but that is not their primary purpose. Incident response processes exist for cases where security weaknesses are exploited.
Please disable your adblocker or whitelist this site!