🔥 3-day streak
ISC2 CISSP — Certified Information Systems Security Professional51 / 129
Question 51 of 129

A financial services firm suffers a data breach. During litigation, plaintiffs argue the company failed to act as a reasonable organization would. Investigators find the firm had conducted thorough vendor assessments, performed risk analyses, and documented security requirements — but never actually implemented the patching and monitoring controls those assessments recommended. Which concept did the firm MOST clearly fail to satisfy, exposing it to negligence liability?

Reviewed for accuracy · Report an issueNext question