C. Assess security capabilities against an industry framework is the BEST way to address a board's concern about the organization's cybersecurity posture
While vulnerability testing is important, it's a specific aspect of cybersecurity. Contracting with a third party for vulnerability testing might address certain concerns, but it might not provide a comprehensive view of the organization's overall cybersecurity posture, including policies, procedures, training, and governance.
Manual: "The risk practitioner should ensure that senior management does not develop a false sense of security as a
result of vulnerability assessments and penetration tests that fail to find vulnerabilities, but both forms of
testing do provide insight into the organization and its security posture."
This section is not available anymore. Please use the main Exam Page.CRISC Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
trev0r
1 week, 2 days agoabhincarnation
11 months agomynk29
1 year, 1 month agoCbtL
1 year, 2 months ago