The greatest risk of centralized information security administration within a multinational organization is the violation of local law, option D.
When a multinational organization centralizes its information security administration, it may face challenges in ensuring compliance with the diverse laws and regulations of different countries where they operate. Laws related to data privacy, data transfer, and cybersecurity can vary significantly between countries. Failing to comply with local laws can result in legal consequences, financial penalties, and damage to the organization's reputation. Therefore, it is crucial for multinational organizations to have a thorough understanding of local laws and establish appropriate measures to comply with them when centralizing their information security administration.
D. Violation of local law
The greatest risk of centralized information security administration within a multinational organization is the potential violation of local laws and regulations. When a multinational organization centralizes its information security administration, it may implement global security policies and practices that do not align with or comply with the specific legal requirements in each country or region where the organization operates. This can lead to legal issues, fines, and penalties, which can be much more significant and damaging than the other risks listed.
While the other options (A. Slower turnaround, B. Less uniformity, C. Less objectivity) are also important considerations, they generally do not pose as significant a risk as violating local laws and regulations, which can have serious legal and financial consequences for the organization.
D. Violation of local law.
Centralized information security administration involves consolidating the management and control of information security functions and activities into a centralized entity or team within the organization. While there are benefits to centralization, such as improved coordination, consistency, and efficiency, it also poses certain risks, particularly in a multinational context.
One significant risk is the potential violation of local laws and regulations. Different countries have their own unique legal and regulatory requirements concerning data protection, privacy, and information security. These laws may vary in terms of data handling, storage, transfer, and access requirements
I did go with D but I can see how C can be the answer here. With a centralized infosec administration your policies will have to be more subjective than objective since they cannot be applied in the same way across different regions since different factors like local laws and local cultures have to be considered.
Centralized information security administration can create difficulties in balancing the need for consistency and standardization with the need for local customization and adaptation to meet the unique requirements of different countries and regions.
Not sure why centralized would be less objective, D for me
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
koala_lay
1 year, 3 months agooluchecpoint
1 year, 3 months agorichck102
1 year, 6 months agomad68
1 year, 7 months agoDravidian
1 year, 8 months agoSalilgen
9 months, 4 weeks agoSouvik124
1 year, 10 months agobambs
1 year, 10 months agoBroesweelies
1 year, 11 months agoaokisan
2 years agoZiggybooboo
2 years ago