Exam CISM topic 1 question 269 discussion

The correct answer is (C) Document security procedures, cause anyone who has access to the procedures is able to learn from them and reproduce the same results using the same process. A. When the certified user leaves another one may bring a different approach B. Revise the information security program does nothing to address the issue of turnover, only the objectives of the program. D. Ensure everyone is trained in their roles is a great idea, but once they leave and another group enters, the process may be inconsistent and thus doing nothing to minimize the impact.

reduce the impact of people leaving? C. Why not D? What is the benefit on training people leaving? You need documentation that helps the new hires on how to do the work

C. Document security procedures

D. All the options have their merits, ensuring that everyone on the security team is adequately trained in their roles is the most immediate and effective way to address the impact of turnover on a security program.

C. Document security procedures

By training the existing and new security staff on their roles and responsibilities, the information security manager can ensure that the security program continues to function effectively. This will also help ensure consistency in security operations and maintain compliance with security policies and regulations. Documenting security procedures and revising the information security program can also help in reducing the impact of staff turnover, but training is the primary solution.

documenting procedures allows for sustainability of processes

need to ensure consistency with policies therefore documenting would ensure new staff members follow same procedures

When you document your procedures without training your stakeholders, that can end in a terrible catastrophe. i choose D