When a security standard conflicts with a business objective, the situation should be resolved by:

A. changing the security standard.
B. changing the business objective.
C. performing a risk analysis.
D. authorizing a risk acceptance.

Answer: C

Explanation:

Conflicts of this type should be resolved based on a risk analysis of the costs and benefits of allowing or disallowing an exception to the standard. It is highly improbable that a business objective could be changed to accommodate a security standard, while risk acceptance is a process that derives from the risk analysis.
