D. Information security framework provides the best guidance when establishing a security program. An information security framework sets out the foundational structure and guidelines for implementing an effective security program. It helps organizations in identifying and addressing potential risks, establishing security controls, and ensuring compliance with industry standards and regulations.
Following the framework is a good start if you've got nothing to use. Frameworks are very generic guidelines that you tailor to your organizational needs. The question here is the BEST guidance, which to me is the audit report. It tells you where exactly you're lacking and what you need so you can use that in your program and know 100% it's going to address current issues.
If that were the case, the audit report would always be the best guide (even when you don't have a security program at all) and frameworks would be of no use.
If you do not have a security program, what should be the BEST guidance? Framework or audit report? IMO the answer is D.