CISM Exam - Question 92

C. Decreased risk to the organization's systems is the PRIMARY benefit of effective configuration management. Configuration management is the process of identifying, documenting, and controlling changes to systems and devices within an organization's infrastructure. By effectively managing configurations, the organization can minimize the risk of unauthorized changes, ensure that systems are in compliance with security policies, and easily identify and rollback any changes that may have introduced security vulnerabilities. A, B, and D are also benefits of effective configuration management, but they are secondary to the primary benefit which is decreased risk to the organization's systems. Standardization of system support ensures that all systems are configured and maintained in a consistent manner; Reduced frequency of incidents help to minimize the number of security incidents that occur; Improved vulnerability management help to identify and address vulnerabilities in a timely manner.

configuration management is not only contributed for vulnerabilities.

CISM AIO 2nd - Under "Configuration Management"

Answer D also noted CISM AIO 2nd - Under "IT Service Management"

C covers "D" since "Risks" are in the form of vulnerabilities & threats.

PRIMARY benefit

C for sure

Trick question... improving vulnerability mgt decreases risk to the org's systems. Matter of what comes first, the chicken or the egg? Either way I'm good with either answer but by the book I believe the formal answer is (D).

C. Decreased risk to the organization's systems

C. Decreased risk to the organization's systems The PRIMARY benefit of effective configuration management is the decreased risk to the organization's systems. Effective configuration management helps ensure that systems are configured correctly and consistently, reducing the likelihood of configuration errors, security vulnerabilities, and operational issues. This, in turn, lowers the overall risk to the organization's systems and data. While the other options (A, B, and D) are also important benefits of configuration management, they are typically secondary to the main goal of reducing risk.

Effective configuration management involves maintaining and controlling the configuration items within an organization's IT infrastructure. Standardization of system support is a key outcome of configuration management, leading to a more stable and predictable IT environment. Standardized configurations help reduce variability, enhance system reliability, and streamline support processes, contributing to overall operational efficiency. While options B, C, and D are potential benefits of configuration management, they are often secondary to the primary goal of achieving standardization in system support.

C. Decreased risk to the organization's systems The PRIMARY benefit of effective configuration management is the decreased risk to the organization's systems. Effective configuration management helps ensure that systems are configured correctly and consistently, reducing the likelihood of configuration errors, security vulnerabilities, and operational issues. This, in turn, lowers the overall risk to the organization's systems and data. While the other options (A, B, and D) are also important benefits of configuration management, they are typically secondary to the main goal of reducing risk.

I went for A, which seems to be the wrong option. Checked with AI though which also chose A. My reasoning is about the same as AI's. he PRIMARY benefit of effective configuration management is A. Standardization of system support. Configuration management ensures that all systems are consistent and adhere to the desired specifications. This standardization simplifies system support, as it reduces variability and makes troubleshooting more straightforward. Please note that while the other options can be benefits of configuration management, they are not the primary benefit.

C. Decreased risk to the organization's systems The primary benefit of effective configuration management is the decreased risk to the organization's systems. By meticulously tracking and managing changes to the system configurations, organizations can ensure that all changes are intentional, authorized, and properly documented. This meticulous oversight helps in minimizing the unintended consequences of changes that could introduce vulnerabilities or destabilize systems, thereby significantly reducing the risk to the organization's IT infrastructure. Configuration management provides visibility into how systems and controls rely on each other, informing network stakeholders of the potential impact of change to network components. This visibility and control are essential for maintaining the integrity, stability, and security of the systems, aligning with the overarching goal of decreasing risk.

(D) - ISACA CISM 15ed Review Manual: The information security manager must provide ongoing - management of the operational information security components. This includes system patching procedures and configuration management. Thus decreasing an existing weakness or flaw in an OS, network, or application - reducing vulnerability. Also, for ISACA keep in mind that "RISK" = THREATS * VULNERABILITIES * CONSEQUENCES = $$ impact to the organization.

The primary benefit of configuration management is consistency of systems and software.

Are the "correct" answer actually verified?