Certified Information Security Manager (CISM) — Question 1178
Which of the following should an information security manager do FIRST after discovering that a business unit has implemented a newly purchased application and bypassed the change management process?
Answer options
- A. Update the change management process.
- B. Revise the procurement process.
- C. Discuss the issue with senior leadership.
- D. Remove the application from production.
Correct answer: C
Explanation
The correct response is to discuss the issue with senior leadership, because they need to be informed of the risks and implications of bypassing established procedures. Updating processes or removing the application may be necessary later, but leadership should be made aware first so that the underlying issues can be addressed and compliance ensured going forward.