Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization’s information security strategy?
In simple words organization’s information security strategy is something that's tailored based on where the org wants to be (a.k.a risk apetite) audits results are based on complaince.
Correct answer is A: Internal security audit. Because it allows the security manager to systematically evaluate whether the strategy is holistic, risk-aligned, and effectively implemented.
C. External security audit
An external security audit involves an independent examination of an organization's information security policies, processes, and controls by an external entity. This audit assesses the organization's adherence to established standards and best practices, helping to determine the comprehensiveness of the information security strategy. External audits provide an objective perspective and can identify areas for improvement, potential vulnerabilities, and gaps in the security strategy that may not be apparent in internal assessments. While internal security audits (Option A) and other assessments are valuable, an external audit adds an extra layer of validation and objectivity to the evaluation process.
Straight from multiple professional pentesters mouth. A company will almost always pass an internal audit either that be them knowing they are lying or on accident. For the most compressive dive into a businesses security a 3rd party audit needs to be performed.
Seeing as the question is asking for BEST method to get 'comprehensiveness'. I would go with an 3rd party independent audit of the InfoSec program. Which in this case is Option C.
Organization risk appetite can give a good understanding of the program but complete details I don't think so.
comprehensive understanding is provided by external audit.
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
d3fa4d2
Highly Voted 9 months, 4 weeks agoSHERLOCKAWS
Most Recent 4 months, 3 weeks agosm24
1 year agoTamerBeSafe
1 year agoPOWNED
1 year, 1 month agoUncle_Lucifer
1 year, 2 months agooluchecpoint
1 year, 5 months agorichck102
1 year, 7 months agokaranvp
1 year, 7 months agoJae_kes
1 year, 8 months agoDravidian
1 year, 9 months agoBroesweelies
2 years agoMyKasala
2 years agoaokisan
2 years, 1 month ago