Information Security Continuous Monitoring (ISCM) is a term used to describe maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. ISCM is a process that collects, analyzes, and reports on the security status and performance of an organization's information systems and networks, using automated or manual tools and techniques. ISCM can help to identify and prioritize the security risks, gaps, and weaknesses, and to implement and evaluate the security controls and measures, in alignment with the organization's security objectives and policies. ISCM can also help to comply with the legal and regulatory requirements, and to respond to the changing threat landscape and business environment. The other options are not terms used to describe maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions, as they either do not involve continuous monitoring, do not focus on information security, or do not support risk management decisions. References: CISSP - Certified Information Systems Security Professional, Domain 7. Security Operations, 7.2 Understand and support investigations, 7.2.1 Conduct logging and monitoring activities, 7.2.1.2 Continuous monitoring; CISSP Exam Outline, Domain 7. Security Operations,
7.2 Understand and support investigations, 7.2.1 Conduct logging and monitoring activities, 7.2.1.2 Continuous monitoring

Single Sign-On (SSO) is a technology that allows users to securely access multiple applications and services using just one set of credentials, such as a username and a password56 With SSO, users do not have to remember and enter multiple passwords for different applications and services, which can improve their convenience and productivity. SSO also enhances security, as users can use stronger passwords, avoid reusing passwords, and comply with password policies more easily. Moreover, SSO reduces the risk of phishing, credential theft, and password fatigue56 SSO is based on the concept of federated identity, which means that the identity of a user is shared and trusted across different systems that have established a trust relationship. SSO uses various protocols and standards, such as SAML, OAuth, OIDC, and Kerberos, to enable the exchange of identity information and authentication tokens between the systems56

Total risk = asset value * vulnerability * threats

The correct answer is "The operators have different duties to prevent one person from compromising the system". Separation of duties means that the operators are prevented from generating and verifying transactions alone, for example. A task might be divided into different smaller tasks to accomplish this, or in the case of an operator with multiple duties, the operator makes a logical, functional job change when performing such conflicting duties. Answer "An operator does not know more about the system than the minimum required to do the job" is need-to-know, answer "Two operators are required to work in tandem to perform a task" is dual-control, and c is job rotation.

It is the systems auditor that should lead the effort to ensure that the security controls are in place and effective. The audit would verify that the controls comply with polices, procedures, laws, and regulations where applicable. The findings would provide these to senior management.
The following answers are incorrect: the local security specialist. Is incorrect because an independent review should take place by a third party. The security specialist might offer mitigation strategies but it is the auditor that would ensure the effectiveness of the controls
the business manager. Is incorrect because the business manager would be responsible that the controls are in place, but it is the auditor that would ensure the effectiveness of the controls. the central security manager. Is incorrect because the central security manager would be responsible for implementing the controls, but it is the auditor that is responsibe for ensuring their effectiveness.