Certified Information Systems Auditor (CISA) — Question 159

Which of the following would be of GREATEST concern when reviewing an organization's security information and event management (SIEM) solution?

Answer options

• A. SIEM reporting is ad hoc.
• B. SIEM reporting is customized.
• C. SIEM configuration is reviewed annually.
• D. The SIEM is decentralized.

Correct answer: D

Explanation

A decentralized SIEM can lead to gaps in visibility and coordination in security monitoring, making it the greatest concern. In contrast, ad hoc and customized reporting can be improved upon, while an annual review of configuration indicates a level of oversight that is generally acceptable.