Certified Information Security Manager (CISM) — Question 1138
An organization plans to adopt a DevOps approach for innovative application development. Which of the following should be the information security manager's MOST important consideration with regard to the information security strategy?
Answer options
- A. Risk profile may change with the new approach.
- B. The identified framework may not be appropriate.
- C. Security policies may need to be revised.
- D. Security staff may lack software coding skills.
Correct answer: A
Explanation
The most crucial consideration is that adopting a DevOps approach can shift the risk profile significantly and may introduce new vulnerabilities and threats. The appropriateness of the framework, the need to revise policies, and the skills of security staff are important, but they are secondary to understanding how the overall risk landscape changes with the new methodology.