Certified Information Security Manager (CISM) — Question 515
Which of the following is an information security manager's MOST important action to mitigate the risk associated with malicious software?
Answer options
- A. Disabling end-user computer peripheral access ports
- B. Implementing a multi-layered security program
- C. Ensuring antivirus has the latest definition files
- D. Strengthening security patch implementation processes
Correct answer: B
Explanation
A multi-layered security program is the most important action because it places multiple defenses against various types of malicious software, making it harder for threats to penetrate the system. The other options each contribute to security, but none of them alone provides the comprehensive protection that a multi-layered approach offers.