
Isaca Exam CISM Topic 6 Question 64 Discussion

Actual exam question for Isaca's CISM exam
Question #: 64
Topic #: 6

Which of the following is the PRIMARY role of the information security manager in application development?

A) To ensure security is integrated into the system development life cycle (SDLC)
B) To ensure compliance with industry best practice
C) To ensure enterprise security controls are implemented
D) To ensure control procedures address business risk

Suggested Answer: A

The primary role of the information security manager in application development is to ensure that security is integrated into the system development life cycle (SDLC). When security is built in from the start, security requirements are defined alongside the functional requirements, threats are considered during design, secure coding and security testing take place before release, and the resulting controls are carried through into deployment and maintenance. Retrofitting controls after the application has been built is both more expensive and less effective. A simple test of whether this integration exists: if the security manager's first involvement in a project is a penetration test shortly before go-live, security has not been integrated into the SDLC.

The other options describe contributions to, or outcomes of, that integration rather than the primary role. Compliance with industry best practice (B) is one input to the security requirements. Implementing enterprise security controls (C) is something that follows naturally once security activities are part of each development phase. Ensuring that control procedures address business risk (D) is achieved through the risk assessments performed at the appropriate SDLC stages. Each of these is covered by, and depends on, answer A.


Contribute your Thoughts:

Hayley
2 months ago
I'm with Dorthy on this one. The security manager's job is to make sure the developers don't accidentally unleash a new cybersecurity nightmare. Option A is the way to go, folks!
upvoted 0 times
Claudia
1 day ago
C) To ensure enterprise security controls are implemented
upvoted 0 times
Martina
2 days ago
B) To ensure compliance with industry best practice
upvoted 0 times
Chana
4 days ago
D) To ensure control procedures address business risk
upvoted 0 times
Tamar
5 days ago
C) To ensure enterprise security controls are implemented
upvoted 0 times
Daniel
18 days ago
A) To ensure security is integrated into the system development life cycle (SDLC)
upvoted 0 times
Fanny
26 days ago
A) To ensure security is integrated into the system development life cycle (SDLC)
upvoted 0 times
Bronwyn
2 months ago
While the other options are important, option A really gets to the heart of the matter. Security should be a fundamental part of the development process, not an afterthought.
upvoted 0 times
Cecil
6 days ago
I agree, security should definitely be integrated into the development process.
upvoted 0 times
Leota
10 days ago
D) To ensure control procedures address business risk
upvoted 0 times
Una
15 days ago
C) To ensure enterprise security controls are implemented
upvoted 0 times
Alecia
2 months ago
A) To ensure security is integrated into the system development life cycle (SDLC)
upvoted 0 times
Dorthy
2 months ago
Haha, good one. The information security manager's role is to ensure the developers don't accidentally create the next 'Heartbleed' or 'Shellshock' disaster. Option A all the way!
upvoted 0 times
Ellen
2 months ago
I'm leaning towards option D. At the end of the day, the security manager needs to make sure the controls address the actual business risks, not just some generic industry standards.
upvoted 0 times
Jeff
1 month ago
I agree, but I still think D is the primary role to address specific business risks.
upvoted 0 times
Lezlie
1 month ago
I think option A is also important to make sure security is integrated from the start.
upvoted 0 times
Marci
1 month ago
I agree with you, but I also think option D is important to address specific business risks.
upvoted 0 times
Cora
1 month ago
I think option A is the primary role; security should be integrated into the development process.
upvoted 0 times
Dan
2 months ago
But what about ensuring compliance with industry best practice? That's also crucial for security.
upvoted 0 times
Melissa
2 months ago
I agree with Frederica. It's important to have security from the beginning of development.
upvoted 0 times
Flo
2 months ago
Option A is the clear winner here. The information security manager's primary role is to make sure security is baked into the SDLC from the ground up. Anything less is just playing catch-up.
upvoted 0 times
Leah
21 days ago
D) To ensure control procedures address business risk
upvoted 0 times
Raylene
29 days ago
C) To ensure enterprise security controls are implemented
upvoted 0 times
Temeka
2 months ago
A) To ensure security is integrated into the system development life cycle (SDLC)
upvoted 0 times
Frederica
3 months ago
I think the primary role is to ensure security is integrated into the SDLC.
upvoted 0 times