
Exam CAS-003 topic 1 question 258 discussion

Actual exam question from CompTIA's CAS-003
Question #: 258
Topic #: 1

A Chief Information Security Officer (CISO) of a large financial institution undergoing an IT transformation program wants to embed security across the business rapidly and across as many layers of the business as possible to achieve quick wins and reduce risk to the organization. Which of the following business areas should the CISO target FIRST to best meet the objective?

  • A. Programmers and developers should be targeted to ensure secure coding practices, including automated code reviews with remediation processes, are implemented immediately.
  • B. Human resources should be targeted to ensure all new employees undertake security awareness and compliance training to reduce the impact of phishing and ransomware attacks.
  • C. The project management office should be targeted to ensure security is managed and included at all levels of the project management cycle for new and in-flight projects.
  • D. Risk assurance teams should be targeted to help identify key business unit security risks that can be aggregated across the organization to produce a risk posture dashboard for executive management.
Suggested Answer: D

Comments

Trap_D0_r
4 years, 4 months ago
I think C: kick it to the PMs for each project. Work with your PMs to start integrating security into every ongoing project. Wouldn't that integrate into "as many layers as possible" for "quick wins"? Every PM submits security updates weekly, and the company starts aggregating a security posture across every project quickly?
upvoted 1 times
D1960
4 years, 3 months ago
I am not sure if that would be a "quick win." Seems to me the results of that could take months, or years, to realize.
upvoted 1 times
D1960
4 years, 5 months ago
Maybe: B. Human resources should be targeted to ensure all new employees undertake security awareness and compliance training to reduce the impact of phishing and ransomware attacks? This is a quick and easy undertaking, i.e. a "quick win." This could prevent serious security problems.
upvoted 4 times
D1960
4 years, 5 months ago
Frankly, "D" sounds like a lot of random jargon.
upvoted 2 times
CragShield
4 years, 5 months ago
I think D. is the correct answer. It's the only answer that provides a target that crosses department boundaries and takes into consideration the entire business.
upvoted 8 times
D1960
4 years ago
What is a "risk posture dashboard for executive management." going to do? Seems to me, that would only be informational, it would do little to directly "embed security across the business."
upvoted 1 times
daanderud
3 years ago
It does say do FIRST. I would say that identifying risk across all business units would be the FIRST thing to do. It seems to me D is the only one that stretches across the entire org. The other answers seem targeted.
upvoted 1 times
D1960
4 years, 3 months ago
Wouldn't it take the entire business into account to: "ensure all new employees undertake security awareness and compliance training" ?
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other (20%)