Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Isaca Exam CISM Topic 6 Question 64 Discussion

Actual exam question for Isaca's CISM exam
Question #: 64
Topic #: 6
[All CISM Questions]

Which of the following is the PRIMARY role of the information security manager in application development?

Show Suggested Answer Hide Answer
Suggested Answer: A

When preventive controls to appropriately mitigate risk are not feasible, the most important action for the information security manager is to manage the impact, which means taking measures to reduce the likelihood or severity of the consequences of the risk. Managing the impact can involve using alternative controls, such as engineering, administrative, or personal protective controls, that can lower the exposure or harm to the organization. The other options, such as identifying unacceptable risk levels, assessing vulnerabilities, or evaluating potential threats, are part of the risk assessment process, but they are not actions to mitigate risk when preventive controls are not feasible. Reference:

https://bcmmetrics.com/risk-mitigation-evaluating-your-controls/

https://www.osha.gov/safety-management/hazard-prevention

https://www.cdc.gov/niosh/topics/hierarchy/default.html


by Gayla at Oct 19, 2023, 08:55 AM

Limited Time Offer

25%

Off

Get Premium CISM Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Bronwyn
2 days ago
While the other options are important, option A really gets to the heart of the matter. Security should be a fundamental part of the development process, not an afterthought.
upvoted 0 times
...
Dorthy
7 days ago
Haha, good one. The information security manager's role is to ensure the developers don't accidentally create the next 'Heartbleed' or 'Shellshock' disaster. Option A all the way!
upvoted 0 times
...
Ellen
9 days ago
I'm leaning towards option D. At the end of the day, the security manager needs to make sure the controls address the actual business risks, not just some generic industry standards.
upvoted 0 times
...
Dan
11 days ago
But what about ensuring compliance with industry best practice? That's also crucial for security.
upvoted 0 times
...
Melissa
13 days ago
I agree with Frederica. It's important to have security from the beginning of development.
upvoted 0 times
...
Flo
17 days ago
Option A is the clear winner here. The information security manager's primary role is to make sure security is baked into the SDLC from the ground up. Anything less is just playing catch-up.
upvoted 0 times
...
Frederica
23 days ago
I think the primary role is to ensure security is integrated into the SDLC.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77