CISSP PRACTICE QUESTIONS – 20190917

Effective CISSP Questions

Your company plans to create a new position, CISO, responsible for formulating and executing information security strategies. The board of directors is holding a meeting to revise the corporate bylaws and moves to conclude that the CISO shall report to the audit committee. As the CEO attending the meeting, which of the following is the best feedback?
A. Agree with the resolution, as it is a good arrangement.
B. Suggest that internal audit capability be included in the CISO's job skills.
C. Propose a clause separating the CISO and CIO roles to avoid a conflict of interest.
D. Remind the board that the independence of auditing would be hindered.

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether your answer is right or wrong. What really matters is your reasoning process and justifications.

My suggested answer is D. Remind the board that the independence of auditing would be hindered.

Figure: governance structure

SEGREGATION OF DUTIES

  • When duties are properly segregated, no single employee will have the ability to commit fraud or make a mistake and have the ability to cover it up.
  • e.g., auditors do not have other operational duties related to what they are auditing.

Stewart, James M.; Chapple, Mike; Gibson, Darril. CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide9. Wiley.

