exam questions

Exam CISM All Questions

View all questions & answers for the CISM exam

Exam CISM topic 1 question 53 discussion

Actual exam question from Isaca's CISM
Question #: 53
Topic #: 1
[All CISM Questions]

The MOST important reason for an information security manager to be involved in the change management process is to ensure that:

  • A. security controls drive technology changes.
  • B. risks have been evaluated.
  • C. security controls are updated regularly.
  • D. potential vulnerabilities are identified.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
CarlLimps
Highly Voted 1 year, 1 month ago
Selected Answer: B
Repeat after me..."Change equals risk". Having said that, that is the reason why infosec would want to manage CAB meetings, to keep the tech clowns in check.
upvoted 10 times
...
Viperhunter
Most Recent 3 months, 3 weeks ago
Selected Answer: B
Being involved in the change management process allows the information security manager to assess the potential risks associated with proposed changes to the organization's technology, processes, or systems. By evaluating risks, the information security manager can provide input to ensure that security considerations are addressed during the planning and implementation of changes. While options like ensuring that security controls drive technology changes (option A), updating security controls regularly (option C), and identifying potential vulnerabilities (option D) are also important, evaluating risks is a central aspect of ensuring that changes are made in a way that does not compromise the organization's information security posture.
upvoted 1 times
...
oluchecpoint
6 months, 2 weeks ago
B. While the other options (A, C, and D) are also important aspects of change management and information security, evaluating risks is the primary concern because it directly impacts the organization's security posture. Without a thorough evaluation of risks, security controls may not be effective in addressing new threats introduced by changes in technology or processes.
upvoted 1 times
...
karanvp
8 months, 4 weeks ago
Changes cause risk whch should be evaluated
upvoted 1 times
...
richck102
10 months ago
B. risks have been evaluated.
upvoted 1 times
...
Antonivs
1 year, 1 month ago
Selected Answer: C
C in my opinion
upvoted 1 times
...
MyKasala
1 year, 2 months ago
Selected Answer: B
B is correct
upvoted 2 times
...
mohit05
1 year, 3 months ago
A. security controls drive technology changes is the best option
upvoted 1 times
CharlesL
1 year, 2 months ago
you ignored the keywords "Most Important".
upvoted 1 times
...
Ziggybooboo
1 year, 3 months ago
Disagree, technology changes could happen for many reasons, B for me
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago