Certified Information Security Manager (CISM) — Question 76

The MOST important reason for an information security manager to be involved in the change management process is to ensure that:

Answer options

• A. security controls drive technology changes.
• B. risks have been evaluated.
• C. security controls are updated regularly.
• D. potential vulnerabilities are identified.

Correct answer: B

Explanation

The correct answer is B because evaluating risks is essential to ensure that any changes do not introduce new vulnerabilities to the system. Options A, C, and D, while important, do not emphasize the critical need to assess risks during the change management process.