Certified Information Security Manager (CISM) — Question 740
Which of the following will result in the MOST accurate controls assessment?
Answer options
- A. Mature change management processes
- B. Unannounced testing
- C. Well-defined security policies
- D. Senior management support
Correct answer: B
Explanation
Unannounced testing (B) provides the most accurate assessment of controls because it evaluates them under real-world conditions, without prior notice. The other options, while important, do not directly measure how effective controls are when tested without warning, so they are less reliable as a basis for an accurate assessment.