Temporarily deactivating some monitoring processes, even if supported by an acceptance of operational risk, may not be acceptable to the information security manager if:

CISM 0 Comments

Temporarily deactivating some monitoring processes, even if supported by an acceptance of operational risk, may not be acceptable to the information security manager if:
A . it implies compliance risks.
B . short-term impact cannot be determined.
C . it violates industry security practices.
D . changes in the roles matrix cannot be detected.

Answer: A

Explanation:

Monitoring processes are also required to guarantee fulfillment of laws and regulations of the organization and, therefore, the information security manager will be obligated to comply with the law. Choices B and C are evaluated as part of the operational risk. Choice D is unlikely to be as critical a breach of regulatory legislation. The acceptance of operational risks overrides choices B, C and D.

Latest CISM Dumps Valid Version with 1327 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CISM PDF     CISM Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments