A newly appointed Chief Information Security Officer has completed a risk assessment review of the organization and wants to reduce the numerous risks that were identified. Which of the following will provide a trend of risk mitigation?
Continuous monitoring is an approach where an organization constantly monitors its IT systems and networks to detect security threats, performance issues, or non-compliance problems in an automated manner. The goal is to identify potential problems and threats in real time to address them quickly.
For me it's planning. He identified the risks, then plans how to respond to each one, then implements the response, and finally monitors the result and the new risks, restarting the cycle.
The key is "Which of the following will provide a trend of risk mitigation". How do you find trends? Continuous monitoring will allow you to see trends and mitigate adverse trends, etc.
The key word here is “trend of risk mitigation”. At first my answer was C, but when I searched about the meaning of the word I switched it to B.
A trend of risk mitigation refers to the ability to track and monitor the effectiveness of risk mitigation efforts over time. It involves continuously assessing the effectiveness of implemented security controls and risk management strategies to determine if they are reducing the organization's exposure to risk.
Risk response involves taking specific actions to reduce, transfer, or mitigate the risks that have been identified through the risk assessment process.
The question states that the risks have already been identified through the risk assessment review, so the option that will provide a trend of risk mitigation would be C. Risk response.
Per the CompTIA CySA+ CS0-002 textbook:
Topic 7A, speaking on the risk identification process:
"Respond—'Mitigate' each risk factor through the deployment of managerial, operational, and technical security controls."
Key word in the question is mitigation. This clearly means the answer is C.
Which of the following will provide a trend of risk mitigation?
For me this has to be C. He has carried out the risk assessment and identified issues, surely the next stage is risk response... Though I understand people who are saying B, I think some of you (respectfully) are getting too caught up on the term 'trend' and tying that to continuous monitoring.
Risk response is an important part of the risk management process and involves implementing measures to mitigate or transfer the risks identified during the risk analysis. However, risk response alone does not provide a trend of risk mitigation, as it only addresses the risks that have been identified at a specific point in time.
Continuous monitoring, on the other hand, involves ongoing assessment of the organization's security posture and the identification of new risks. By regularly monitoring the organization's security, the CISO can identify trends in risk mitigation and make adjustments to the risk management plan as needed. This provides a more comprehensive view of the organization's risk landscape and the effectiveness of the risk mitigation measures in place.
This is close, however I'd need to opt for C as to pull trend analysis data, I need to see the how and the why of mitigation over a period of time. Response actions would give me that better than continuous monitoring. See this article, points 5 and 6 are so close - https://securityscorecard.com/blog/6-strategies-for-cybersecurity-risk-mitigation
The best option that will provide a trend of risk mitigation is B. Continuous monitoring.
Continuous monitoring is the ongoing process of assessing the security controls in an organization to identify vulnerabilities, threats, and risks. It also involves analyzing the results of security testing, incident response, and other security-related activities to identify trends and patterns that can be used to improve the security of the organization. By continuously monitoring the organization, the Chief Information Security Officer can identify and address new and emerging risks, which will help to reduce the overall risk to the organization.