Certified Information Security Manager (CISM) — Question 631

An organization is performing an annual review of its risk landscape. Which of the following anticipated changes will have the MOST significant impact on the information security strategy?

Answer options

• A. The renewal and renegotiation of the organization's contract with its managed security services provider
• B. Migration of personal data to a new database system on a different server platform
• C. The expansion to an international location with unfamiliar security and privacy regulations
• D. Replacement of the aging enterprise-wide core firewall infrastructure with a new solution from a different vendor

Correct answer: C

Explanation

The expansion to an international location introduces new security and privacy regulations that the organization must comply with, which can significantly alter its information security strategy. Although the other options are important, they do not present the same level of impact or complexity as navigating unfamiliar regulations in a new international market.