Certified Information Systems Security Professional (CISSP) — Question 291
Management has decided that a core application will be used on personal cellular phones. As an implementation requirement, regularly scheduled analysis of the security posture needs to be conducted. Management has also directed that continuous monitoring be implemented. Which of the following is required to accomplish management's directive?
Answer options
- A. Routine reports generated by the user's cellular phone provider that detail security events
- B. Strict integration of application management, configuration management (CM), and phone management
- C. Management application installed on user phones that tracks all application events and cellular traffic
- D. Enterprise-level security information and event management (SIEM) dashboard that provides full visibility of cellular phone activity
Correct answer: B
Explanation
Option B is correct because integrating application management, configuration management (CM), and phone management is essential for ensuring comprehensive security and compliance. The other options, while potentially beneficial, do not on their own provide the framework needed for the continuous monitoring and regularly scheduled security assessment that management requires.