An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?
A. Perform a risk assessment on the new technology. (Most Voted)
B. Obtain legal counsel’s opinion on the standard's applicability to regulations.
C. Determine whether the organization can benefit from adopting the new standard.
D. Review industry specialists’ analyses of the new standard.
Answer is A: Perform a risk assessment on the new technology. Before making recommendations or decisions about new technologies or standards, always start with a risk assessment; that’s the foundation of informed, strategic security management.
It's not C because one cannot determine whether the organization can benefit from adopting the new standard if you don’t understand what the risks are.
C. Determine whether the organization can benefit from adopting the new standard. The question is focused on adopting the new standard. A. is not the correct answer. C is.
As the organization wants to implement the new technology, B, C, D may not be the correct option. A would be correct.
SHERLOCKAWS (4 weeks ago)
03allen (10 months ago)
Abbey2 (1 year, 2 months ago)
Soleandheel (1 year, 5 months ago)
richck102 (1 year, 9 months ago)
karanvp (1 year, 10 months ago)