Certified Information Systems Security Professional (CISSP) — Question 81
During an internal audit of an organizational Information Security Management System (ISMS), nonconformities are identified. In which of the following management stages are nonconformities reviewed, assessed and/or corrected by the organization?
Answer options
- A. Assessment
- B. Planning
- C. Improvement
- D. Operation
Correct answer: C
Explanation
The correct answer is C, Improvement: this is the stage in which the organization addresses and corrects nonconformities to enhance the ISMS. The other options (Assessment, Planning, and Operation) do not specifically focus on the review and correction of issues identified within the management system.