Certified Information Security Manager (CISM) — Question 741
The MOST important reason for having an information security manager serve on the change management committee is to:
Answer options
- A. ensure changes are properly documented.
- B. advise on change-related risk.
- C. identify changes to the information security policy.
- D. ensure that changes are tested.
Correct answer: B
Explanation
The primary role of an information security manager on the change management committee is to provide guidance on the risks associated with changes, which is crucial for maintaining security integrity. Proper documentation, identification of policy changes, and testing are all important, but they do not address the immediate risk implications that changes may introduce, and those implications are the information security manager's focus.