The advantage of sending messages using steganographic techniques, as opposed to utilizing encryption, is that:
Correct Answer: A
Explanation: The existence of messages is hidden when using steganography. This is the greatest risk. Keys are relevant for encryption and not for steganography. Sniffing of steganographic traffic is also possible. Option D is not relevant.
Question 582
Which of the following would be MOST helpful to the information security manager tasked with enforcing enhanced password standards?
Correct Answer: C
Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
Question 583
Which of the following BEST demonstrates the added value of an information security program?
Correct Answer: D
Explanation: A balanced scorecard is a tool that can be used to demonstrate the added value of an information security program by measuring and reporting on key performance indicators (KPIs) and key risk indicators (KRIs) aligned with strategic objectives. Security baselines, a gap analysis and a SWOT analysis are all useful for assessing and improving security posture, but they do not necessarily show how security contributes to business value.
Question 584
Which of the following metrics is the BEST indicator of an abuse of the change management process that could compromise information security?
Correct Answer: D
Question 585
Reevaluation of risk is MOST critical when there is:
Correct Answer: D
Explanation: Reevaluation of risk is a vital aspect of the risk management process that helps organizations to identify and analyze new or evolving threats, vulnerabilities, and impacts on their assets, and implement the necessary controls to mitigate them. Reevaluation of risk is most critical when there is a change in the threat landscape, which refers to the external and internal factors that influence the likelihood and severity of potential attacks on the organization's information assets. A change in the threat landscape may be caused by various factors, such as technological innovations, geopolitical events, cybercrime trends, regulatory changes, or organizational changes. A change in the threat landscape may introduce new risks or alter the existing risk profile of the organization, requiring a reassessment of the risk appetite, tolerance, and strategy. Reevaluation of risk helps the organization to adapt to the changing threat landscape and ensure that the information security program remains effective, efficient, and aligned with the business objectives. Reference = CISM Review Manual 15th Edition, page 1131 CISM Domain 2: Information Risk Management (IRM) [2022 update]2 Reevaluation of Risk | CISM Exam Question Answer | ISACA3