Certified Information Security Manager (CISM) — Question 1051

Which of the following scenarios would MOST likely require a change to corporate security policies?

Answer options

• A. New security standards have been implemented.
• B. Employees do not understand or adhere to the policies.
• C. The organization has undergone a merger.
• D. The organization incurs an increased number of security incidents.

Correct answer: C

Explanation

A merger often leads to changes in structure, culture, and operations, necessitating updates to security policies to ensure alignment and protection across the newly combined entity. While new standards, employee adherence, and increased incidents are important, they do not inherently require policy changes as a merger does.