Certified Information Security Manager (CISM) — Question 136
Which of the following presents the GREATEST risk associated with the use of an automated security information and event management (SIEM) system?
Answer options
- A. Low number of false negatives
- B. High number of false negatives
- C. Low number of false positives
- D. High number of false positives
Correct answer: B
Explanation
A high number of false negatives means that genuine threats are not being detected, which leads to undetected security breaches. In contrast, a low number of false negatives indicates effective threat detection, and false positives lead to unnecessary alerts but do not directly compromise security.