Certified Chief Information Security Officer (CCISO) — Question 73
You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two-factor authentication token management process.
Which of the following represents your BEST course of action?
Answer options
- A. Determine program ownership to implement compensating controls
- B. Send a report to executive peers and business unit owners detailing your suspicions
- C. Validate that security awareness program content includes information about the potential vulnerability
- D. Conduct a thorough risk assessment against the current implementation to determine system functions
Correct answer: D
Explanation
Conducting a thorough risk assessment is crucial because it helps identify the extent of the flaw in the two-factor authentication token management process. While determining ownership and informing peers are important, they do not address the immediate need to analyze and understand the risks involved. Validating awareness program content is useful, but it does not resolve the issue at hand.