
Exam CISM topic 1 question 245 discussion

Actual exam question from Isaca's CISM
Question #: 245
Topic #: 1

An external security audit has reported multiple instances of control noncompliance. Which of the following is MOST important for the information security manager to communicate to senior management?

  • A. The impact of noncompliance on the organization's risk profile
  • B. An accountability report to initiate remediation activities
  • C. Control owner responses based on a root cause analysis
  • D. A plan for mitigating the risk due to noncompliance
Suggested Answer: A

Comments

Sammy65
1 year, 5 months ago
D: What senior management is most interested in is not being told how the organization is failing to comply and what the impact is, but being brought a plan for how the above will be remediated.
upvoted 1 times
Jae_kes
1 year, 7 months ago
Selected Answer: A
A. The impact of noncompliance on the organization's risk profile. The impact of noncompliance on the organization's risk profile is crucial information that senior management needs to understand. It helps senior management grasp the potential consequences and implications of the control noncompliance in relation to the organization's overall risk posture.
upvoted 4 times
richck102
1 year, 7 months ago
A. The impact of noncompliance on the organization's risk profile
upvoted 3 times
Saisharan
1 year, 7 months ago
Option A
upvoted 2 times
dark_3k03r
1 year, 8 months ago
Selected Answer: D
NOTE: Not 100% sure about this. I think the correct answer is (D.) A plan for mitigating the risk due to non-compliance, because the first thing management is going to do, regardless of the options, is ask: how are you going to fix it? Rationale: (A.) The impact of non-compliance on the organization's risk profile is a great idea ... but I feel that the next question will be: how are you going to fix it? (i.e. plan). B. An accountability report to initiate remediation activities is incorrect because you need to have a plan first. C. Control owner responses based on a root cause analysis is a great idea ... but I feel that the next question will be: when are you going to fix it? (i.e. plan)
upvoted 1 times
SilverFox
1 year, 2 months ago
Since you are communicating with senior management, you will need to demonstrate why they would care to mitigate the risk, and you can't do that if you can't show the impact of non-compliance. The mitigation needs to be worth it.
upvoted 3 times
AlexJacobson
12 months ago
Right on the head!
upvoted 2 times
cidigi
9 months, 2 weeks ago
First impact, and then the mitigation plan.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other