3d β’ πββοΈ CISSP
CISSP Practice Question (Domain 1: Security and Risk Management / Board Oversight & Accountability)
Following a major security incident, the board asks management to demonstrate that security investments over the past two years were aligned to enterprise risk, not just technical best practices. Metrics show control maturity, but not business impact reduction.
What is the MOST appropriate action to take NEXT?
A. Map historical security controls to compliance framework requirements
B. Reframe security reporting around risk scenarios and loss exposure
C. Commission an external benchmark against industry peers
D. Increase board level security training and awareness sessions
Come back for the answer tomorrow, or study more now!
1
13 comments
CISSP Practice Question (Domain 1: Security and Risk Management / Board Oversight & Accountability)
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!
Leaderboard (30-day)
1
+66
2
+56
3
+41
4
+40
5
+22
Powered by