Certified Information Security Manager (CISM) — Question 225
What is the PRIMARY objective of performing a vulnerability assessment following a business system update?
Answer options
- A. Improve the change control process.
- B. Update the threat landscape.
- C. Determine operational losses.
- D. Review the effectiveness of controls.
Correct answer: D
Explanation
The correct answer is D because a vulnerability assessment performed after the update reviews the effectiveness of controls, verifying that the implemented measures still function as intended. Options A, B, and C, while relevant to security practices, do not directly address the immediate need to verify that existing security controls are still effective post-update.