Which of the following should be the PRIMARY consideration when implementing controls for monitoring user activity logs?
Ensuring availability of resources for log analysis
Implementing log analysis tools to automate controls
Ensuring the control is proportional to the risk
Building correlations between logs collected from different sources
The primary consideration when implementing controls for monitoring user activity logs is ensuring that the control is proportional to the risk, because this helps to optimize the balance between the benefits and costs of the control, and to avoid over- or under-controlling the risk. User activity logs are records of the actions or events performed by users on IT systems, networks, or resources, such as accessing, modifying, or transferring data or files. Monitoring user activity logs can help to detect and prevent potential threats, such as unauthorized access, data leakage, or malicious activity, and to support the investigation and remediation of incidents. However, monitoring user activity logs also involves certain costs and challenges, such as collecting, storing, analyzing, and reporting large amounts of log data, ensuring the accuracy, completeness, and timeliness of the log data, protecting the privacy and security of the log data, and complying with the relevant laws and regulations. Therefore, when implementing controls for monitoring user activity logs, the organization should consider the level and impact of the risk that the control is intended to address, and the value and effectiveness of the control in reducing the risk exposure and impact. The organization should also consider the costs and feasibility of implementing and maintaining the control, and the potential negative consequences or side effects of the control, such as performance degradation, user dissatisfaction, or legal liability. By ensuring that the control is proportional to the risk, the organization can achieve the optimal level of risk management, and avoid wasting resources or creating new risks. References = Risk IT Framework, ISACA, 2022, p. 151
The MOST effective way to increase the likelihood that risk responses will be implemented is to:
create an action plan
assign ownership
review progress reports
perform regular audits.
Risk responses are the actions or strategies that are taken to address the risks that may affect the organization’s objectives, performance, or value creation12.
The most effective way to increase the likelihood that risk responses will be implemented is to assign ownership, which is the process of identifying and appointing the individuals or groups who are responsible and accountable for the execution and monitoring of the risk responses34.
Assigning ownership is the most effective way because it ensures the clarity and commitment of the roles and responsibilities for the risk responses, and avoids the confusion or ambiguity that may arise from the lack of ownership34.
Assigning ownership is also the most effective way because it enhances the communication and collaboration among the stakeholders involved in the risk responses, and provides the feedback and input that are necessary for the improvement and optimization of the risk responses34.
The other options are not the most effective way, but rather possible steps or tools that may support or complement the assignment of ownership. For example:
Creating an action plan is a step that involves defining and documenting the specific tasks, resources, timelines, and deliverables for the risk responses34. However, this step is not the most effective way because it does not guarantee the implementation of the risk responses, especially if there is no clear or agreed ownership for the action plan34.
Reviewing progress reports is a tool that involves collecting and analyzing the information and data on the status and performance of the risk responses, and identifying the issues or gaps that need to be addressed34. However, this tool is not the most effective way because it does not ensure the implementation of the risk responses, especially if there is no ownership for the progress reports or the corrective actions34.
Performing regular audits is a tool that involves conducting an independent and objective assessment of the adequacy and effectiveness of the risk responses, and providing the findings and recommendations for improvement56. However, this tool is not the most effective way because it does not ensure the implementation of the risk responses,especially if there is no ownership for the audit results or the follow-up actions56. References =
1: Risk IT Framework, ISACA, 2009
2: IT Risk Management Framework, University of Toronto, 2017
3: Risk Response Plan in Project Management: Key Strategies & Tips1
4: ProjectManagement.com - How to Implement Risk Responses2
5: IT Audit and Assurance Standards, ISACA, 2014
6: IT Audit and Assurance Guidelines, ISACA, 2014
Which of the following would be- MOST helpful to understand the impact of a new technology system on an organization's current risk profile?
Hire consultants specializing m the new technology.
Review existing risk mitigation controls.
Conduct a gap analysis.
Perform a risk assessment.
A risk assessment is a process of measuring and comparing the likelihood and impact of various risk scenarios, and prioritizing them based on their significance and urgency. A risk assessmentcan help the organization to understand and document the risks that may affect its objectives and operations, and to support the decision making and planning for the risk management.
Performing a risk assessment would be the most helpful to understand the impact of a new technology system on an organization’s current risk profile, because it can help the organization to address the following questions:
What are the potential benefits and challenges of implementing the new technology system, and how do they align with the organization’s objectives and needs?
What are the existing or emerging risks that may affect the new technology system, and how do they relate to the organization’s current risk profile?
How likely and severe are the risks that may affect the new technology system, and what are the possible consequences or impacts for the organization and its stakeholders?
How can the risks that may affect the new technology system be mitigated or prevented, and what are the available or feasible options or solutions?
Performing a risk assessment can help the organization to understand the impact of the new technology system on its current risk profile by providing the following benefits:
It can enable the comparison and evaluation of the current and desired state and performance of the organization’s risk management function, and to identify and quantify the gaps or opportunities for improvement.
It can provide useful references and benchmarks for the alignment and integration of the new technology system with the organization’s risk management function, and for the compliance with the organization’s risk policies and standards.
It can support the implementation and monitoring of the new technology system, and for the allocation and optimization of the resources, time, and budget for the new technology system.
The other options are not the most helpful to understand the impact of a new technology system on an organization’s current risk profile, because they do not provide the same level of detail and insight that performing a risk assessment provides, and they may not be specific or applicable to the organization’s objectives and needs.
Hiring consultants specializing in the new technology means engaging or contracting external experts or professionals that have the skills and knowledge on the new technology system, and that can provide advice or guidance on the implementation and management of the new technology system. Hiring consultants specializing in the new technology can help the organization to enhance its competence and performance on the new technology system, but it is not the most helpful, because it does not measure and compare the likelihood and impact of the risks that may affect the new technology system, and it may not be relevant or appropriate for the organization’s current risk profile.
Reviewing existing risk mitigation controls means examining and evaluating the adequacy and effectiveness of the controls or countermeasures that are intended to reduce or eliminate the risks that may affect the organization’s objectives and operations. Reviewing existing risk mitigation controls can help the organization to improve and optimize its risk management function, but it is not the most helpful, because it does not identify and prioritize the risks that may affect the newtechnology system, and it may not cover all the relevant or significant risks that may affect the new technology system.
Conducting a gap analysis means comparing and contrasting the current and desired state and performance of the organization’s objectives and operations, and identifying and quantifying the gaps or differences that need to be addressed or corrected. Conducting a gap analysis can help the organization to identify and document its improvement needs and opportunities, but it is not the most helpful, because it does not measure and compare the likelihood and impact of the risks that may affect the new technology system, and it may not be aligned or integrated with the organization’s current risk profile. References =
ISACA, CRISC Review Manual, 7th Edition, 2022, pp. 19-20, 23-24, 27-28, 31-32, 40-41, 47-48, 54-55, 58-59, 62-63
ISACA, CRISC Review Questions, Answers & Explanations Database, 2022, QID 208
CRISC Practice Quiz and Exam Prep
An unauthorized individual has socially engineered entry into an organization's secured physical premises. Which of the following is the BEST way to prevent future occurrences?
Employ security guards.
Conduct security awareness training.
Install security cameras.
Require security access badges.
Social engineering is a technique that involves manipulating or deceiving people into performing actions or divulging information that may compromise the security of an organization or its data12.
Entry into an organization’s secured physical premises is a form of physical access that allows an unauthorized individual to access, steal, or damage the organization’s assets, such as equipment, documents, or systems34.
The best way to prevent future occurrences of social engineering entry into an organization’s secured physical premises is to conduct security awareness training, which is an educational program that aims to equip the organization’s employees with the knowledge and skills they need to protect the organization’s data and sensitive information from cyber threats, such as hacking, phishing, or other breaches56.
Security awareness training is the best way because it helps the employees to recognize and resist the common and emerging social engineering techniques, such as tailgating,impersonation, or pretexting, that may be used by the attackers to gain physical access to the organization’s premises56.
Security awareness training is also the best way because it fosters a culture of security and responsibility among the employees, and encourages them to follow the best practices and policies for physical security, such as locking the doors, verifying the identity of visitors, or reporting any suspicious activities or incidents56.
The other options are not the best way, but rather possible measures or controls that may supplement or enhance the security awareness training. For example:
Employing security guards is a measure that involves hiring or contracting professional personnel who are trained and authorized to monitor, patrol, and protect the organization’s premises from unauthorized access or intrusion78. However, this measure is not the best way because it may not be sufficient or effective to prevent or deter all types of social engineering attacks, especially if the attackers are able to bypass, deceive, or coerce the security guards78.
Installing security cameras is a control that involves using electronic devices that capture and record the visual images of the organization’s premises, and provide evidence or alerts of any unauthorized access or activity . However, this control is not the best way because it is reactive rather than proactive, and may not prevent or stop the social engineering attacks before they cause any harm or damage to the organization .
Requiring security access badges is a control that involves using physical or electronic cards that identify and authenticate the employees or authorized visitors who are allowed to enter the organization’s premises, and restrict or deny the access to anyone else . However, this control is not the best way because it may not be foolproof or reliable to prevent or detect the social engineering attacks, especially if the attackers are able to steal, forge, or clone the security access badges . References =
1: What is Social Engineering? | Types & Examples of Social Engineering Attacks1
2: Social Engineering: What It Is and How to Prevent It | Digital Guardian2
3: What is physical Social Engineering and why is it important? - Integrity3603
4: What Is Tailgating (Piggybacking) In Cyber Security? - Wlan Labs4
5: What Is Security Awareness Training and Why Is It Important? - Kaspersky5
6: Security Awareness Training - Cybersecurity Education Online | Proofpoint US6
7: Security Guard - Wikipedia7
8: Security Guard Services - Allied Universal8
Security Camera - Wikipedia
Security Camera Systems - The Home Depot
Access Badge - Wikipedia
Access Control Systems - HID Global
Copyright © 2021-2025 CertsTopics. All Rights Reserved
