The Focus of the Monitoring Tool for Risk Control
Question
You are the risk control professional of your enterprise.
You have implemented a tool that correlates information from multiple sources.
To which of the following do this monitoring tool focuses?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.A.
Monitoring tools that focuses on transaction data generally correlate information from one system to another, such as employee data from the human resources (HR) system with spending information from the expense system or the payroll system.
Incorrect Answers: B: Process integrity is confirmed within the system, it does not need monitoring.
C: Configuration settings are generally compared against predefined values and not based on the correlation between multiple sources.
D: System changes are compared from a previous state to the current state, it does not correlate information from multiple sources.
The monitoring tool implemented by the risk control professional correlates information from multiple sources. This tool focuses on detecting and analyzing events related to the enterprise's information systems, applications, and infrastructure.
Out of the given options, the tool would focus on detecting and correlating information related to "system changes" since this option includes changes in the hardware, software, firmware, and other components of the information system.
By monitoring system changes, the tool can detect and alert the risk control professional of any unauthorized modifications, unauthorized access, and changes that may lead to system vulnerabilities or compromise the system's integrity. The monitoring tool can also detect changes in system configurations, which is another important aspect of managing information security risks.
While the other options may also be relevant for monitoring and managing information security risks, they do not specifically relate to the correlation of information from multiple sources. For example, monitoring transaction data would focus on detecting and analyzing individual transactions or events, while monitoring process integrity would focus on ensuring that business processes are executed according to the organization's policies and procedures. Monitoring configuration settings would focus on ensuring that the systems and applications are configured correctly and securely.
