Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Isaca Exam CISM Topic 2 Question 75 Discussion

Actual exam question for Isaca's CISM exam
Question #: 75
Topic #: 2
[All CISM Questions]

An organization's marketing department wants to use an online collaboration service, which is not in compliance with the information security policy, A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:

Show Suggested Answer Hide Answer
Suggested Answer: D

The most effective course of action when employees are using free cloud storage services to store company data through their mobile devices is to assess the business need to provide a secure solution, such as a corporate-approved cloud service or a virtual desktop environment. Assessing the business need can help understand why employees are using free cloud storage services, what kind of data they are storing, and what are the security risks and requirements. Based on the assessment, the security manager can propose a secure solution that meets the business needs and complies with the BYOD policy. The other options, such as allowing the practice to continue, disabling remote access, or initiating remote wipe, may not address the underlying business need or may cause disruption or data loss. Reference:

https://www.digitalguardian.com/blog/byod-security-expert-tips-policy-mitigating-risks-preventing-breach

https://news.microsoft.com/en-xm/2021/03/18/how-to-have-secure-remote-working-with-a-byod-policy/

https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/-infosec-guide-bring-your-own-device-byod


by Julianna at Jun 03, 2024, 03:01 AM

Limited Time Offer

25%

Off

Get Premium CISM Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Audry
1 days ago
Hmm, I'm going with the information security manager on this one. They're the ones who really understand the risks involved and can make an informed decision.
upvoted 0 times
...
Arminda
3 days ago
Ah, the compliance officer, of course! They're the ones who have to make sure the organization stays within the rules, even if it means taking on some risk.
upvoted 0 times
...
Mertie
8 days ago
Well, this is a tricky one. I'd say the business senior management should approve the risk acceptance, as they're the ones who can best weigh the potential benefits and drawbacks.
upvoted 0 times
...
Tawanna
20 days ago
But shouldn't business senior management also be involved in approving risk acceptance?
upvoted 0 times
...
Junita
23 days ago
I agree with Loren, the CRO is responsible for managing risks.
upvoted 0 times
...
Loren
24 days ago
I think the approval should come from the chief risk officer (CRO).
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77