Certified Information Security Manager (CISM) — Question 377
Changes have been proposed to a large organization's enterprise resource planning (ERP) system that would violate existing security standards. Which of the following should be done FIRST to address this conflict?
Answer options
- A. Perform a cost-benefit analysis.
- B. Calculate business impact levels.
- C. Validate current standards.
- D. Implement updated standards.
Correct answer: C
Explanation
The first step in resolving a conflict with existing security standards is to validate current standards, which ensures that the proposed changes are assessed against the established guidelines. Options A and B are important but come after understanding the existing standards, while D suggests implementing changes without confirming whether they align with current security protocols.