ISACA Cybersecurity Fundamentals Certification Practice Exam

Discover the essentials of the ISACA Cybersecurity Fundamentals Certification. Engage with flashcards and MCQs, with hints and explanations, to ensure exam readiness!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which type of risk approach is focused on compliance?

  1. Ad hoc approach

  2. Compliance-based approach

  3. Risk-based approach

  4. Strategic approach

The correct answer is: Compliance-based approach

The compliance-based approach is fundamentally centered on ensuring that an organization adheres to specified regulations, standards, and frameworks governing its operations and data handling. This approach emphasizes meeting legal and regulatory requirements, often driven by external mandates or industry standards. Organizations using this approach establish frameworks and controls geared specifically towards compliance, such as GDPR for data protection or PCI-DSS for payment card security. By focusing on compliance, such organizations effectively manage risk by ensuring that they meet minimum standards set forth by regulatory bodies, thus minimizing legal and financial repercussions associated with non-compliance.

This approach is distinctly different from others. An ad hoc approach lacks structure and formal processes, often leading to reactive rather than proactive measures in risk management. The risk-based approach, while also essential, centers on identifying, assessing, and prioritizing risks based on their potential impact and likelihood, which may not always prioritize compliance as its primary focus. The strategic approach typically aligns risk management with the organization’s broader goals and objectives, but again doesn't specifically concentrate on compliance as its primary driver.