CISM • Practice Test 34
Free CISM practice test — 15 questions with explanations. Set 34. No signup required.
You are the CISM for a mid-sized e-commerce company that processes credit card transactions. The company recently experienced a security incident where an attacker exploited a vulnerability in the web application to gain access to the customer database containing payment card information. The incident response team contained the breach, but the root cause analysis revealed that the vulnerability had been identified in a penetration test six months ago but was not remediated due to competing priorities. The company's risk management framework defines risk appetite as 'moderate' for information security risks. The board is concerned and has asked you to recommend improvements to prevent recurrence. The company has a limited budget and cannot implement all possible controls. Current environment: web application developed in-house, hosted on-premises, with a mix of virtual and physical servers. The security team consists of three people responsible for monitoring, incident response, and vulnerability management. The development team follows an agile methodology with bi-weekly sprints. The company has cyber liability insurance that covers breach response costs up to $2 million. Based on this scenario, what is the most effective course of action?