Certified Information Security Manager (CISM) — Question 617

An organization is about to purchase a rival organization. The PRIMARY reason for performing information security due diligence prior to making the purchase is to:

Answer options

• A. determine the security exposures
• B. assess the ability to integrate the security department operations
• C. ensure compliance with international standards
• D. evaluate the security policy and standards

Correct answer: A

Explanation

The correct answer is A, as identifying security exposures is crucial to understand potential risks that could affect the acquisition. The other options, while relevant to security considerations, do not address the immediate need to uncover existing vulnerabilities that could impact the transaction.