Exam Lead-Cybersecurity-Manager Topic 1 Question 14 Discussion

Actual exam question for PECB's Lead-Cybersecurity-Manager exam
Question #: 14
Topic #: 1
Scenario 2:Euro Tech Solutions Is a leading technology company operating in Europe that specializes In providing Innovative IT solutions With a strong reputation for reliability and excellence. EuroTech Solutions offers a range of services, including software development, cloud computing, and IT consulting. The company is dedicated to delivering cutting-edge technology solutions that drive digital transformation and enhance operational efficiency for its clients.
Recently, the company was subject to a cyberattack that significantly impeded its operations and negatively impacted Its reputation. The cyberattack resulted in a major data breach, where the customers' data and sensitive Information ware leaked. As such, EuroTech Solutions identified the need to improve its cybersecurity measures and decided 1o implement o comprehensive cybersecurity program.
EuroTech Solutions decided to use ISO.'I EC 27032 and the NIST Cybersecurity Framework as references and incorporate their principles and recommendations into its cybersecurity program. The company decided to rapidly implement the cybersecurity program by adhering to the guidelines of these two standards, and proceed with continual improvement (hereafter.
Initially, the company conducted a comprehensive analysis of its strengths, weaknesses, opportunities, and threats to evaluate its cybersecurity measures. This analysis helped the company to identify the desired stale of its cybersecurity controls. Then, it identified the processes and cybersecurity controls that are in place, and conducted a gap analysis to effectively determine the gap between the desired state and current state of the cybersecurity controls. The cybersecurity program included business and IT-related functions and was separated into three phases
1. Cybersecurity program and governance
2. Security operations and incident response
3. Testing, monitoring, and improvement
With this program, the company aimedto strengthen the resilience ofthe digital infrastructure through advanced threat detection, real time monitoring, and proactive incident response. Additionally, it decided to droit a comprehensive and clear cybersecurity policy as part of its overall cybersecurity program The drafting process involved conducting a thorough research and analysis of existing cybersecurity frameworks Once the initial draft was prepared, the policy was reviewed, and then approved by senior management. After finalizing the cybersecurity policy, EuroTech Solutions took a proactive approach to its initial publication. The policy was communicated to all employees through various channels, including internal communications, employee training sessions, and the company's intranet network.
Based on the scenario above, answer the following question
Based on scenario 2. which approach did EuroTech Solutions choose for implementing the cybersecurity program?

Suggested Answer: C Vote an answer

EuroTech Solutions chose an iterative approach for implementing its cybersecurity program. An iterative approach involves repeatedly refining and improving processes based on feedback and ongoing assessment.
* Iterative Approach:
* Definition: An approach that involves repeated cycles of improvement and refinement.
* Process: Implement, monitor, review, and refine cybersecurity measures continuously.
* Benefits: Allows for continuous improvement, adaptability to new threats, and regular updates to cybersecurity measures.
* Implementation in the Scenario:
* EuroTech Solutions conducted a gap analysis, drafted a cybersecurity policy, communicated it to employees, and committed to continual improvement.
* The phases outlined (cybersecurity program and governance, security operations and incident response, testing, monitoring, and improvement) suggest a cycle of continuous improvement.
* ISO/IEC 27032: This standard emphasizes the importance of continuous improvement in cybersecurity measures.
* NIST Cybersecurity Framework: Highlights the need for an ongoing cycle of assessment, implementation, and refinement of cybersecurity practices.
Detailed Explanation:Cybersecurity References:By choosing an iterative approach, EuroTech Solutions aligns with best practices for maintaining a dynamic and responsive cybersecurity posture.

by Arthur at Mar 11, 2025, 09:13 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10