Certified Information Security Manager (CISM) — Question 407
The PRIMARY purpose for continuous monitoring of security controls is to ensure:
Answer options
- A. alignment with compliance requirements.
- B. effectiveness of controls.
- C. control gaps are minimized.
- D. system availability.
Correct answer: B
Explanation
The primary aim of continuous monitoring is to assess the effectiveness of controls, ensuring they are functioning as intended to mitigate risks. While aligning with compliance requirements, minimizing control gaps, and maintaining system availability are important, they are secondary to verifying that the controls are actually effective in protecting the organization.