Certified Information Security Manager (CISM) — Question 490
A financial company executive is concerned about recently increasing cyberattacks and needs to take action to reduce risk. The organization would BEST respond by:
Answer options
- A. increasing budget and staffing levels for the incident response team
- B. revalidating and mitigating risks to an acceptable level
- C. implementing an intrusion detection system (IDS)
- D. testing the business continuity plan (BCP)
Correct answer: B
Explanation
The best approach is to revalidate the risk assessment in light of the changed threat environment and then treat the identified risks down to an acceptable level; this addresses the actual exposures rather than reacting with a single control chosen before the risks are understood. Increasing budget and staffing for incident response (Option A) strengthens the organization's ability to respond after an attack but does not by itself reduce the likelihood or impact of the risks. Implementing an IDS (Option C) improves detection of attacks in progress, but it is one specific control that may or may not address the risks that have actually increased. Testing the BCP (Option D) is important, but it validates recovery capability rather than reducing risk.