Certified Information Security Manager (CISM) — Question 1

Following a significant change to the underlying code of an application, it is MOST important for the information security manager to:

Answer options

• A. inform senior management.
• B. update the risk assessment.
• C. validate the user acceptance testing (UAT).
• D. modify key risk indicators (KRIs).

Correct answer: B

Explanation

Updating the risk assessment is crucial because significant changes to application code can introduce new vulnerabilities or alter existing risks. Informing senior management, validating UAT, and modifying KRIs are important but secondary steps that should follow the assessment of the new risk landscape.