Certified Information Security Manager (CISM) — Question 837

Which of the following is the BEST approach for addressing noncompliance with security standards?

Answer options

• A. Maintain a security exceptions process.
• B. Apply additional logging and monitoring to affected assets.
• C. Discontinue affected activities until security requirements can be met.
• D. Develop new security standards.

Correct answer: A

Explanation

The best approach is to maintain a security exceptions process, as it allows organizations to manage noncompliance while still addressing the underlying issues. The other options may lead to operational disruptions or may not effectively resolve the root cause of the noncompliance.