Exam CISSP topic 1 question 321 discussion

Actual exam question from ISC's CISSP
Question #: 321
Topic #: 1

When MUST an organization's information security strategic plan be reviewed?

  • A. Whenever there are major changes to the business
  • B. Quarterly, when the organization's strategic plan is updated
  • C. Every three years, when the organization's strategic plan is updated
  • D. Whenever there are significant changes to a major application
Suggested Answer: A

Comments

jimbo_jones
5 months, 4 weeks ago
Selected Answer: A
A. The strategic security plan should be stable and tied to business mission / vision. A significant change in business strategy would require the security strategy to be reviewed.
upvoted 2 times
HughJassole
8 months, 2 weeks ago
A. "The company must evaluate and adapt security measures as changes in the organization and its threat profiles occur" https://www.cynic.se/2021/11/information-security-strategic-plan-is-part-of-a-good-cybersecurity-business-model/
upvoted 1 times
babaseun
11 months ago
Selected Answer: A
When must it be reviewed?
upvoted 2 times
jackdryan
10 months ago
A is correct
upvoted 1 times
oudmaster
1 year, 2 months ago
Selected Answer: A
Strategy is 5 years. Tactical is 1 year. Operational is in months! So I doubt we need to review strategy every 3 months, because strategy should be very stable.
upvoted 4 times
Jamati
1 year, 4 months ago
Selected Answer: B
It's important to incorporate information security as much as possible into the organization's strategic plans.
upvoted 1 times
babaseun
11 months ago
The question is "when must it be reviewed", not "when should it be reviewed". "When must..." is answer A.
upvoted 1 times
rdy4u
1 year, 4 months ago
Selected Answer: A
Major changes to the information security strategy & plan will happen only based on critical business changes and changes from industry and stakeholders. https://www.thedigitaltransformationpeople.com/channels/cyber-security/assembling-your-information-security-master-plan/
upvoted 1 times
Jamati
1 year, 4 months ago
Minimum requirement is one year or less. What if those major changes happen only after 2 or 3 years?
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other