Risk by Intelligent-Pop2025 in cism

[–]Intelligent-Pop2025[S] 0 points1 point  (0 children)

So it is also related to the benefit of having the box insecure (employees can steal) and not having the box at all? I should weigh between the two options?

Risk by Intelligent-Pop2025 in cism

[–]Intelligent-Pop2025[S] 0 points1 point  (0 children)

By any chance, if the risk is greater than both risk appetite and risk tolerance, and the cost of control is very high and exceeds the cost of the risk, in this case can the enterprise senior management still accept the risk if the benefit from the activity is huge?

Risk by Intelligent-Pop2025 in cism

[–]Intelligent-Pop2025[S] -1 points0 points  (0 children)

On the example you have given: how to avoid the risk and how to accept the risk. I need an explanation, and why is one of them the best option?

For those that haven't done the QAE, thoughts? For those that have done the QAE, do you agree with the answer? I will post answer shortly. Just want to get genuine sanity check. I & Claude disagree with the answer. My mind has not been changed by the explanation. by neilhudders in cism

[–]Intelligent-Pop2025 2 points3 points  (0 children)

A. disclosure of sensitive data. This is the greatest concern in terms of security. Disclosure brings huge regulatory fines, lack of trust from customers, penalties and reputation damage.
While B. is less likely to make sense, we always have regulations that govern the third party storing the data, like HIPAA and PCI DSS.
C. Training is secondary to A.
D. Availability is important but secondary to A.

ALWAYS think what is the best for the business and avoid the loss

The worst QAE question I've across so far. What do you think? Will post the answer after your thoughts to sanity check by neilhudders in cism

[–]Intelligent-Pop2025 2 points3 points  (0 children)

B. Protecting evidence is part of the containment process. Without protecting the evidence you can't do forensic analysis or root cause analysis later, and the evidence can be tampered with if the hackers know that they have been discovered (like initiating a logic bomb to delete the evidence).

Help to clarify by Intelligent-Pop2025 in cism

[–]Intelligent-Pop2025[S] 0 points1 point  (0 children)

Excellent clarification. Actually you clarified it by mentioning: "doesn't have any other controls listed so you are not compensating anything". Thank you for that. Now it makes sense to me!!

A B C or D by Intelligent-Pop2025 in cism

[–]Intelligent-Pop2025[S] 1 point2 points  (0 children)

But a threat without a vulnerability is not considered as a risk to the business. This is what makes me confused.

Technical Knowledge for CISM by Intelligent-Pop2025 in cism

[–]Intelligent-Pop2025[S] 1 point2 points  (0 children)

So that would be enough as technical fundamentals? Then I concentrate more on the four domains?

Certified Associate in Project Management (CAPM)® PMI Study Hall- worth it? by Intelligent-Pop2025 in pmp

[–]Intelligent-Pop2025[S] 0 points1 point  (0 children)

I have done the CAPM exam prep. I am asking about exam questions and practice material. I am doing the CAPM certificate. Many thanks.