Certified Information Security Manager (CISM) — Question 141

What is the PRIMARY objective of information security involvement in the change management process?

Answer options

• A. To narrow the threat landscape
• B. To ensure changes are not applied without prior authorization
• C. To reduce the likelihood of control failure
• D. To meet obligations for regulatory and legal compliance

Correct answer: C

Explanation

The correct answer is C because the primary objective of information security in change management is to minimize the risk of control failure due to changes in the system. Options A, B, and D are also important aspects of information security but do not represent the main goal in the context of change management.