ExamGecko
Search Search Login
Home Home / Isaca / IT Risk Fundamentals
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is used to estimate the frequency and magnitude of a given risk scenario?
Which of the following is the PRIMARY concern with vulnerability assessments?
An enterprise has moved its data center from a flood-prone area where it had experienced significant service disruptions to one that is not a flood zone. Which risk response strategy has the organization selected?
Which of the following is MOST likely to promote ethical and open communication of risk management activities at the executive level?
Which of the following is the MAIN objective of governance?
Which of the following would be considered a cyber-risk?
Which of the following is of GREATEST concern when aggregating risk information in management reports?
Which of the following risk analysis methods gathers different types of potential risk ideas to be validated and ranked by an individual or small groups during interviews?
The MOST important reason to monitor implemented controls is to ensure the controls:
Which of the following is the BEST way to interpret enterprise standards?

Question 73 - IT Risk Fundamentals discussion

Report
Export

Which of the following statements on an organization's cybersecurity profile is BEST suited for presentation to management?

A.

The probability of a cyber attack varies between unlikely and very likely.

Answers
A.

The probability of a cyber attack varies between unlikely and very likely.

B.

Risk management believes the likelihood of a cyber attack is not imminent.

Answers
B.

Risk management believes the likelihood of a cyber attack is not imminent.

C.

Security measures are configured to minimize the risk of a cyber attack.

Answers
C.

Security measures are configured to minimize the risk of a cyber attack.

Suggested answer: C

Explanation:

Communicating Cybersecurity Profile:

When presenting the organization's cybersecurity profile to management, it is crucial to focus on the effectiveness of the security measures in place and their ability to minimize risks.

Clarity and Relevance:

Statement A ('The probability of a cyber attack varies between unlikely and very likely') is too vague and does not provide actionable information.

Statement B ('Risk management believes the likelihood of a cyber attack is not imminent') lacks specificity and does not detail the measures taken.

Effectiveness of Security Measures:

Statement C highlights the proactive steps taken to configure security measures to minimize risk. This approach is more likely to instill confidence in management about the current cybersecurity posture.

According to best practices in IT risk management, as outlined in various frameworks such as NIST and ISO 27001, focusing on the effectiveness and configuration of security controls is key to managing cybersecurity risks.

Conclusion:

Thus, the statement best suited for presentation to management is: Security measures are configured to minimize the risk of a cyber attack.

Show Answer
asked 18/11/2024
Rajeev R Kumar
36 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms