Certified Information Security Manager (CISM) — Question 992
Which of the following should the information security manager do FIRST upon learning that a business department wants to use blockchain technology for a new payment process?
Answer options
- A. Include the new requirements in the system development life cycle (SDLC) pipeline.
- B. Update the business case to include security budget and resource needs for the new process.
- C. Perform a risk assessment to identify emerging risks.
- D. Benchmark blockchain solutions to determine which one is most secure.
Correct answer: C
Explanation
The correct answer is C because a risk assessment is needed to identify any potential threats or vulnerabilities associated with the new blockchain payment process before proceeding. Options A and B focus on implementation and budgeting, which should come after the risks are understood, while option D, although important, should also come after assessing the risks involved.