Certified Information Security Manager (CISM) — Question 567
Reevaluation of risk is MOST critical when there is:
Answer options
- A. a management request for updated security reports.
- B. resistance to the implementation of mitigating controls.
- C. a change in the threat landscape.
- D. a change in security policy.
Correct answer: C
Explanation
The correct answer is C because a change in the threat landscape can introduce new vulnerabilities or alter existing risks, making it crucial to reassess them. The other options, while important, do not directly indicate an immediate need to reevaluate risk the way a changing threat environment does.