Certified Information Security Manager (CISM) — Question 687

Which of the following is the GREATEST benefit of using cyber threat intelligence to improve an organization's patch management program?

Answer options

• A. It allows the organization to define its risk tolerance and appetite.
• B. It identifies when to use workarounds to mitigate vulnerabilities rather than patching.
• C. It reduces the number of patches the organization needs to apply.
• D. It provides information about exploited vulnerabilities to expedite patching.

Correct answer: D

Explanation

The correct answer, D, is accurate because cyber threat intelligence provides critical information on which vulnerabilities are being actively exploited, allowing organizations to prioritize and expedite their patching efforts. The other options, while relevant to risk management and vulnerability mitigation, do not specifically highlight the direct benefits of cyber threat intelligence in relation to patching urgency and effectiveness.