Certified Information Systems Security Professional (CISSP) — Question 26

Which of the following is a term used to describe maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions?

Answer options

• A. Information Security Continuous Monitoring (ISCM)
• B. Risk Management Framework (RMF)
• C. Information Sharing & Analysis Centers (ISAC)
• D. Information Security Management System (ISMS)

Correct answer: A

Explanation

The correct answer is A, Information Security Continuous Monitoring (ISCM), as it specifically focuses on the ongoing awareness needed for effective risk management related to security threats. Options B, C, and D represent frameworks or systems that pertain to information security but do not emphasize the continuous monitoring aspect necessary for real-time risk management.