Understanding the Question:
The question asks which method best enables timely detection of changes in the security control environment.
Analyzing the Options:
A. Control self-assessment (CSA):Allows for continuous monitoring and quick detection of any changes or deficiencies in controls.
B. Log analysis:Useful for detecting security incidents but not as comprehensive as CSA for overall control environment changes.
C. Security control reviews:Typically periodic and might not be as timely.
D. Random sampling checks:Not as systematic or comprehensive as CSA.
Control Self-Assessment (CSA):CSA involves regular, structured evaluations by internal staff to ensure controls are working effectively. It promotes early detection of issues by those directly responsible for the controls.
Timeliness:CSA is an ongoing process, making it more timely in identifying changes compared to periodic reviews or random checks.
[References:, CRISC Review Manual, Chapter 3: Risk Response and Reporting, emphasizes the importance of CSA in maintaining and improving control environments., , , , , , , , , ]
Submit