D. An incident response plan is the most effective in reducing the financial impact following a security breach leading to data disclosure. An incident response plan outlines the steps to be taken in the event of a security incident, including the roles and responsibilities of different teams, procedures for containing and mitigating the incident, and procedures for communicating with stakeholders. This allows for a quick and organized response to a security incident, which can help minimize the damage and reduce the financial impact of the incident.
Not D. Option D (Incident Response Plan) outlines the organization's response to a security incident, including data breaches. While incident response is crucial for timely and effective mitigation, it primarily focuses on the response process rather than direct financial impact reduction.
D. An incident response plan
An incident response plan is the most effective measure in reducing the financial impact following a security breach leading to data disclosure. While all the options listed are important components of a comprehensive cybersecurity strategy, an incident response plan is specifically designed to address security incidents when they occur.
Why not B? The question implies that the breach already happened and caused data to be leaked/disclosed. It's too late for incident response and DLP. The BCP should contain steps regarding what to do in situations like this.
Actually, after reading further in CISM 2ed. by Peter Gregory, it seems that an incident response plan is indeed more correct, since on page 407 of his book there's a small table discussing event types and typical responses.
D. An incident response plan
An incident response plan is the most effective measure in reducing the financial impact following a security breach leading to data disclosure. While all the options listed are important components of a comprehensive cybersecurity strategy, an incident response plan is specifically designed to address security incidents when they occur.
A backup and recovery strategy is essential for mitigating the financial impact of a security breach leading to data disclosure. The strategy involves regular backups of critical data and systems, which can be used to restore the affected information in the event of a breach or data loss incident.
Surely this should be "implement DLP", as this would be effective in reducing the financial impact following a security breach leading to data disclosure... If there is no data loss then there is no financial loss.