Certified Information Security Manager (CISM) — Question 1133
After updating password standards, an information security manager is alerted by various application administrators that the applications they support are incapable of enforcing these standards. The information security manager's FIRST course of action should be to:
Answer options
- A. evaluate the cost of replacing the applications.
- B. reevaluate the standards.
- C. determine the potential impact.
- D. implement compensating controls.
Correct answer: C
Explanation
The correct answer is C: understanding the potential impact of the applications' non-compliance is the necessary first step before deciding on any further action. Evaluating the cost of replacing the applications (A) or reevaluating the standards (B) does not address the immediate risk, and implementing compensating controls (D) would be premature without first assessing what that risk actually is.