A global financial services company is preparing for an upcoming regulatory audit. The CISO has tasked your team with conducting comprehensive compliance checks across the organization's systems. Which approach represents the most effective method for information system and network compliance checks?
Perform manual inspection of systems by security analysts
Use automated scanning tools with validated benchmarks against specific regulatory requirements
Conduct random spot checks based on findings from previous audits
Rely on self-attestation forms completed by department managers
The correct answer is to use automated scanning tools with validated benchmarks against specific regulatory requirements. This approach combines automation (which provides consistency, repeatability, and scale) with validated benchmarks (ensuring accuracy) specifically tailored to the regulatory requirements the organization must meet (focused relevance).
Manual inspection by security analysts, while valuable for certain aspects of compliance assessment, lacks consistency and scalability across a global organization.
Relying on self-attestation forms from department managers introduces bias and lacks verification, making it unreliable for regulatory compliance purposes.
Performing random spot checks based on previous audit findings is too limited in scope and reactive rather than comprehensive, as it focuses only on previously identified issues rather than ensuring full compliance with current requirements.
ISC2 CISSP
Security Assessment and Testing