According to ISACA, the primary objective of performing a vulnerability assessment following a business system update is "D. Review the effectiveness of controls."
A vulnerability assessment is a process that aims to identify, assess and prioritize vulnerabilities in an organization's systems, networks and applications. The primary objective of performing a vulnerability assessment following a business system update is to ensure that the new updates have not introduced any new vulnerabilities or weaknesses that could be exploited by attackers. It is important to conduct a vulnerability assessment as part of a continuous monitoring process to identify and address any vulnerabilities that could impact the effectiveness of the implemented controls.
D. Review the effectiveness of controls.
After a business system update, it is essential to assess the effectiveness of the controls put in place to secure the updated system. This assessment helps identify any new vulnerabilities introduced during the update process or any weaknesses in the existing security controls. By reviewing the effectiveness of controls, organizations can ensure that their systems remain secure and that any vulnerabilities are promptly identified and remediated. This proactive approach helps prevent security incidents and breaches that could result from overlooked vulnerabilities.
The PRIMARY objective of performing a vulnerability assessment following a business system update is to review the effectiveness of controls. By conducting a vulnerability assessment, organizations can identify and assess potential vulnerabilities or weaknesses in the updated system
Performing a vulnerability assessment following a business system update is an important step in ensuring that the updated system is secure and resilient to attacks. The primary objective of this assessment is to review the effectiveness of the controls that have been implemented to mitigate vulnerabilities in the updated system.
Attack surface and threat landscape are completely different things. Attack surface is related to the asset itself and it's an internal matter, so to speak, while threat landscape is the external thing. You can't affect the threat landscape; it's beyond your control. Attack surface, on the other hand, you can control.
Broesweelies (Highly Voted, 1 year, 12 months ago)
xcjxcj (Most Recent, 10 months, 3 weeks ago)
oluchecpoint (1 year, 4 months ago)
Jae_kes (1 year, 7 months ago)
richck102 (1 year, 7 months ago)
bambs (1 year, 9 months ago)
Prospect57 (2 years ago)
AlexJacobson (12 months ago)
MyKasala (2 years ago)