Exam CISM All Questions
Question 414

The department head of application development has decided to accept the risks identified in a recent assessment. No recommendations will be implemented, even though the recommendations are required by regulatory oversight. What should the information security manager do NEXT?

    Correct Answer: A

    When the department head decides to accept the risks identified in an assessment, especially risks whose treatment is required by regulatory oversight, the information security manager's next step is to formally document the decision. This officially records the acceptance and who made it, providing a traceable record for future reference and compliance. Such documentation is essential for transparency and accountability, and for any audits or investigations that may follow from the regulatory requirements.

Discussion
CarlLimps (Option: A)

A is the best answer. Why the heck would you do D AGAIN? You just did an assessment. Formally documenting to me means get this shit in front of the executives in the organization and provide their awareness. Unfortunately, or fortunately, it is a CYA (Cover Your Ass) step as well, which is very important.

[Removed]

You do D again, because the Department Head doesn't know about regulatory comments.

Gr3yGh0sTOption: A

The risk assessment is already done. At this point you are just documenting the official decision.

cangurer (Option: A)

A is correct, document the decision first and add it to the risk register.

shiowbah (Option: A)

A. Formally document the decision.

Agamennore (Option: A)

Risk accepted > track the decision.

wello (Option: A)

Document the decision.

CarlPTY07 (Option: A)

The risk assessment is already done!

Broesweelies (Option: D)

D. Perform a risk reassessment.

kev90

This has already been done.

afb4b17 (Option: D)

When performing a risk reassessment, you will also look at the regulations and the current existing controls. After the reassessment you will formally document the decision.

AbdallaAM (Option: A)

A. Formally document the decision. This action ensures there is an official record of the department head's acceptance of the risks, which is crucial for transparency, accountability, and for any potential future disputes or investigations, especially given the regulatory implications.

richck102 (Option: A)

A. Formally document the decision.

karanvp (Option: B)

I think B may be the correct answer, because the accepted risk is related to regulatory requirements; hence the SM should first review regulations before going for other options.

BabaP (Option: C)

The risk should be monitored.

it_expert_cism (Option: A)

It should be to document the decision.

MyKasala (Option: B)

I think B.