Certified Information Security Manager (CISM) — Question 577
An organization's IT department needs to implement security patches. Recent reports indicate these patches could result in stability issues. Which of the following is the information security manager's BEST recommendation?
Answer options
- A. Research alternative software solutions
- B. Evaluate the patches in a test environment
- C. Increase monitoring after patch implementation
- D. Research compensating security controls
Correct answer: B
Explanation
The best course of action is to evaluate the patches in a test environment, because this identifies potential stability issues before deployment. The other options either do not directly address the immediate concern of stability (A, C) or suggest a workaround rather than a solution (D).