Certified Information Security Manager (CISM) Practice Exam

Automated controls can significantly enhance the efficiency and effectiveness of security measures, but they also come with potential disadvantages. One crucial concern is that they may implement configuration changes without prior review. This means that automated systems can automatically adjust settings or controls based on pre-defined parameters or algorithms without the involvement of a human decision-maker.

If these changes occur without scrutiny, there is a risk that they may not align with the organization's security policies or risk management strategies. Errors or unsafe configurations can be introduced, creating vulnerabilities that might be exploited by malicious actors. Therefore, this lack of oversight in the decision-making process of automated systems can lead to significant security issues, which is a key disadvantage of relying solely on automation in an organization's security framework.

Other options, while relevant to automated controls, do not accurately capture this specific risk. For instance, while automated controls can sometimes involve high costs or require certain levels of human oversight, these are not intrinsic to their nature as automated systems.