CISM Certified Information Security Manager – Question0260

What mechanisms are used to identify deficiencies that would provide attackers with an opportunity to compromise a computer system?

A. Business impact analyses
B. Security gap analyses
C. System performance metrics
D. Incident response processes

Correct Answer: B

Explanation:

A security gap analysis is a process that measures all security controls in place against what is typically considered good business practice and identifies related weaknesses. A business impact analysis is less suited to identifying security deficiencies. System performance metrics may indicate security weaknesses, but that is not their primary purpose. Incident response processes exist for cases where security weaknesses are exploited.