A.
This answer is from prior work experience. When a change is requested, Cybersecurity performs SIA (System Impact Analysis) to determine if the change will affect the system baseline. If the change does not, cyber will waive further actions, but if there is impact, ATO will need to be revised and approved. ATO involves tedious process by the way.
Reviewing changes in business requirements for information security is typically performed by the business stakeholders but not Information Security Manager. So, Answer A.
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Uncle_Lucifer
4 months, 2 weeks agoAidanSun
8 months, 2 weeks agowickhaarry
9 months agorichck102
9 months, 3 weeks agokaranvp
10 months agoEyeDee
1 year ago