CISSP PRACTICE QUESTIONS – 20210416

Effective CISSP Questions

Your company is considering a proposal that sells or divests a business unit to a conglomerate for financial purposes. Some impacted employees may resign, while other divested employees are concerned with the new work location. As a security professional involved in the transaction, which of the following should your company conduct first? (Wentz QOTD)
A. Exit interview
B. Deprovisioning
C. Data sanitization
D. Security assessment

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Security assessment.

10 Step M&A Checklist (Source: CFI Education Inc.)

When considering the divestiture proposal, conducting security assessments to evaluate and improve the security posture helps maximize the value of the potential deal. In addition, the results of security assessments provide inputs to deprovisioning, data sanitization, and exit interviews.

Cybersecurity Assessments in Mergers and Acquisitions

Cybersecurity audits have become an essential step in the M&A due diligence process, which underscores the importance of maintaining a strong security posture. It’s clear from the (ISC)2 study’s findings that the health of an organization’s cybersecurity program directly affects the value of a potential deal.
A company’s cybersecurity history matters. Previously undisclosed breaches can derail deals and weak security practices may be viewed as a liability. Companies that overlook the importance of cybersecurity are not maximizing their value. Cybersecurity strength is a real consideration that affects the bottom line.
For buyers, paying close attention to the cybersecurity history of a target company is a must. While a company ultimately may decide to go ahead with a deal, even if past breaches have occurred, cybersecurity audits are critical. Overlooking troubling signs revealed by the audit can bring repercussions that could devalue the company after a purchase or merger. Therefore, it is incumbent upon buyers to verify a target company has all the necessary security controls in place before proceeding with a deal.

Source: ISC2


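For financial purposes, your company is considering a proposal to sell a business unit to another conglomerate. Some affected employees may resign, while other divested employees are concerned about the new work location. As a security professional involved in this transaction, which of the following should your company perform first? (Wentz QOTD)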
A. Exit interview
B. Deprovisioning
C. Data sanitization
D. Security assessment
