Certified Information Security Manager (CISM) — Question 168
An information security policy was amended recently to support an organization's new information security strategy. Which of the following should be the information security manager's NEXT step?
Answer options
- A. Evaluate the alignment with business strategy
- B. Update standards and procedures
- C. Review technical controls
- D. Refresh the security training program
Correct answer: B
Explanation
The correct answer is B because, once the information security policy has been amended, the standards and procedures must be updated so that they reflect the new strategy. Options A, C, and D are important tasks, but they should be done after the policies and procedures have been revised, to ensure they are in line with the updated strategy.