Certified Information Security Manager (CISM) — Question 466

Which of the following would be the MOST effective countermeasure against malicious programming that rounds down transaction amounts and transfers them to the perpetrator's account?

Answer options

• A. Set up an agent to run a virus-scanning program across platforms.
• B. Ensure that proper controls exist for code review and release management.
• C. Implement controls for continuous monitoring of middleware transactions.
• D. Apply the latest patch programs to the production operating systems.

Correct answer: B

Explanation

The correct answer, B, is essential because implementing proper controls for code review and release management helps identify and mitigate vulnerabilities in the code before it is deployed. Options A, C, and D focus on reactive measures rather than proactive development practices, which are less effective against targeted malicious programming specifically aimed at manipulating transaction amounts.