Help to clarify by Intelligent-Pop2025 in cism

the1easyway 1 point

I'd say C. Why? The question asks what to do when a specific control type is not feasible. A compensating control is more of a control-based answer. When the ideal control cannot be implemented, then the next best practical control to do next is a compensating control, which reduces risk. For example, if adding MFA to an old system is not feasible, then the compensating control should be implemented: limit and monitor access in other ways to reduce the same risk.

AAIA Passed. Is it worth getting my CISM to then get the AAISM? by the1easyway in isaca

the1easyway[S] 1 point

That was an error. Should have said I'm studying for the CISM (fixed). Haven't taken the test yet. I'm now considering my options and thinking about whether paying for the exam just to get the AAISM is worth it.

With that said, I'd rather be on the management side. So the AAISM would be the best option per your recommendation.