Certified Information Security Manager (CISM) — Question 690

Which of the following should be done FIRST to ensure a new critical cloud application can be supported by internal personnel?

Answer options

• A. Establish a capability maturity model.
• B. Develop a training plan.
• C. Conduct a risk assessment.
• D. Perform a skills gap analysis.

Correct answer: D

Explanation

The correct answer is D, as performing a skills gap analysis identifies the current capabilities of personnel and the skills needed for the new application. Without understanding the existing skill set, it is challenging to develop a training plan, conduct a risk assessment, or establish a capability maturity model effectively.