Certified Information Security Manager (CISM) — Question 1193

Senior management has expressed concern that the organization's intrusion prevention system (IPS) may repeatedly disrupt business operations. Which of the following BEST indicates that the information security manager has tuned the system to address this concern?

Answer options

• A. Decreasing false positives
• B. Decreasing false negatives
• C. Increasing false negatives
• D. Increasing false positives

Correct answer: A

Explanation

The correct answer is A, as decreasing false positives means that the IPS is less likely to mistakenly identify legitimate activities as threats, thus minimizing disruptions to business operations. Options B and C are incorrect because decreasing false negatives would allow more threats to go undetected, and increasing false positives would lead to more false alarms, both of which would not resolve the concern about business interruptions.