Exam CISM topic 1 question 367 discussion

A test result that incorrectly indicates that the condition being tested for is not present when, in fact, the condition is actually present. For example, a false-negative HIV test indicates that a person does not have HIV when the person actually does have HIV.

A false negative is much worse. That is the risk the seim is not reporting.

D. High number of false positives A high number of false positives can overwhelm security teams with a large volume of alerts that are not actual security threats, leading to alert fatigue. This can result in important security incidents being missed or ignored because they are buried among a sea of false alarms. False positives can also waste valuable time and resources investigating non-issues, reducing the efficiency of security operations. Therefore, managing and minimizing false positives is a critical aspect of effectively using a SIEM system.

B AIO Chapter 2 "Lack of/deficient SIEM: A security information and event management (SIEM) is a system that collects log data from servers, endpoints, network devices such as firewalls, and other sources such as antivirus consoles. It correlates this log data and produces security alerts when actionable security-related activities are taking place. An organization without a SIEM may have little way of knowing whether security incidents such as break-ins are occurring. Similarly, an organization with a SIEM that is not well maintained may also have many blind spots and may be unaware of incidents occurring in its environment."

D. High number of false positives. An automated SIEM tool will be missing the human analysis and logical judgment to distinguish between what is a legitimate event versus a false one. A significant number of False positives will be what to expect in this scenario.

False-POSITIVE: The test is confirming the presence of the virus in your body, although you do not have the virus. Most likely you have been asked to quarantine yourself, even though you are OK. False-NEGATIVE: The test did not detect the presence of the virus in your body, although you do have the virus. Very likely, you have just become a walking distribution centre for the virus.

D. High number of false positives A high number of false positives can overwhelm security teams with a large volume of alerts that are not actual security threats, leading to alert fatigue. This can result in important security incidents being missed or ignored because they are buried among a sea of false alarms. False positives can also waste valuable time and resources investigating non-issues, reducing the efficiency of security operations. Therefore, managing and minimizing false positives is a critical aspect of effectively using a SIEM system.

Absolutely B

Correct Option is D.

The greatest risk associated with the use of an automated Security Information and Event Management (SIEM) system is option D: High number of false positives. A false positive occurs when the SIEM system generates an alert or notification for an event that is not actually indicative of a security incident. High numbers of false positives can lead to alert fatigue, where security analysts become overwhelmed with a large volume of alerts that are not actionable or relevant. This can result in important security incidents being overlooked or ignored, leading to potential breaches or attacks going undetected.

B. High number of false negatives

I will go with Option D - minimizing false positives is crucial to ensure that security teams can focus on genuine threats and respond effectively.

ISACA: Analysis of scan results: A security manager will examine the results of a vulnerability scan, validating the results to make sure there are no false positive results. Gregory, Peter H.; Gregory, Peter H.. CISM Certified Information Security Manager Bundle (p. 406). McGraw Hill LLC. Kindle Edition.

siem system detected many false positives. then these are risk.