CISSP PRACTICE QUESTIONS – 20200115

Effective CISSP Questions

You are the CISO working for a direct bank based in Taiwan that relies entirely on internet banking. You developed an information security policy and put it into effect. Which of the following is the most effective for you to enforce its compliance?
A. Provide more training to improve awareness and skill levels
B. Conduct frequent audits to improve continuously
C. Develop standards, procedures, and guidelines to support the policy
D. Collaborate with the audit department

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Collaborate with the audit department.

Providing training and developing supporting documents are good practices that promote compliance, but they don’t enforce compliance.

Training and supporting documents contribute to the effectiveness of compliance, but audits determine if the organization is compliant with the information security policy.

Enforcing compliance typically relates to corrective actions, continuous improvement, or even sanctions or penalties.

The CISO is typically not responsible for auditing, so he or she facilitates audits rather than conducting them. However, it is good practice to collaborate with the audit department to facilitate audits and thereby enforce compliance.
