
Exam CISM topic 1 question 656 discussion

Actual exam question from Isaca's CISM
Question #: 656
Topic #: 1

A business unit is not complying with a control implemented to mitigate risk because doing so impacts the ability to achieve business goals. When reporting the noncompliance to senior management, what would be the information security manager's BEST recommendation?

  • A. Accept the noncompliance.
  • B. Conduct a control assessment.
  • C. Implement compensating controls.
  • D. Educate the noncompliant users.
Suggested Answer: C

Comments

dark_3k03r
Highly Voted 1 year, 9 months ago
Selected Answer: C
The correct answer is (C) Implement compensating controls. The reason is that if the main controls don't work then we need a set of alternative controls. These would be the compensating controls by definition.
Rationale:
A. Accept the noncompliance is incorrect because some action should be taken to reduce the risk, as in option (C).
B. Conduct a control assessment is incorrect because the question has already stated what the outcome would be.
D. Educate the noncompliant users is incorrect because educating the users does nothing to address the risk like (C) would.
upvoted 8 times
Dravidian
1 year, 8 months ago
I am not 100% sure if C is the answer, but I don't think alternative controls and compensating controls are the same thing. Alternative controls mean other controls than the one currently suggested or implemented. Compensating controls are additional controls implemented to make the already implemented control work or be more efficient. In this case it can be something like forcing the users to not bypass the implemented control using additional technical controls.
upvoted 1 times
Thavee
Most Recent 8 months, 4 weeks ago
Selected Answer: B
A business unit is not complying with a control implemented to mitigate risk because doing so impacts the ability to achieve business goals. The best answer is B, assessment. We first need to check if the control was implemented correctly. If the control was done correctly as trained and recommended, compensation then follows.
upvoted 1 times
Salilgen
10 months, 1 week ago
IMO the answer is C. The ISM should eventually assess the control before reporting to the senior manager.
upvoted 1 times
oluchecpoint
1 year, 4 months ago
Selected Answer: C
C. Implement compensating controls. In cases where a control is impacting the ability to achieve business goals, it's important to find a balance between security and business objectives. Compensating controls are security measures or countermeasures that can be put in place to offset the risks associated with noncompliance with a primary control. They can help maintain an acceptable level of security while still allowing the business to achieve its goals.
upvoted 3 times
richck102
1 year, 6 months ago
C. Implement compensating controls.
upvoted 2 times
zero46
1 year, 6 months ago
Selected Answer: B
Control assessment to check if current controls align with business goals/objectives.
upvoted 2 times
meelaan
1 year, 9 months ago
Selected Answer: C
After assessment they reported to senior management. So C.
upvoted 2 times
cangurer
1 year, 10 months ago
BEST recommendation is C
upvoted 2 times
aokisan
2 years ago
Selected Answer: B
At first, assessment.
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), Other (remainder)