
Exam CISM topic 1 question 684 discussion

Actual exam question from Isaca's CISM
Question #: 684
Topic #: 1

What should be the information security manager’s FIRST step when updating an information security program?

  • A. Review costs and benchmark them against industry norms.
  • B. Interview business unit managers and key stakeholders.
  • C. Identify program components that do not align with business objectives.
  • D. Re-evaluate the organization's business expectations and objectives.
Suggested Answer: D

Comments

CISSPST
1 year, 1 month ago
Selected Answer: B
Re-evaluating the organization's business expectations and objectives is not the responsibility of information security, but only of business unit leadership (so, not D). The business owners are best positioned to identify program components that are hindering or not aligning with business objectives (so, not C). Developing or modifying the security program needs an evaluation of current and desired states; the best starting point for this is to interview the business unit managers and key stakeholders (therefore, B).
upvoted 3 times
xcjxcj
10 months, 3 weeks ago
Your department has a new position. HR is responsible for the recruiting process, so you don't filter qualifications?
upvoted 1 times
ddharia94
1 year, 6 months ago
Why not C? It is talking about updating the security program, and the info sec manager cannot review and update the business objectives; that has to come from higher / senior management.
upvoted 2 times
richck102
1 year, 6 months ago
D. Re-evaluate the organization's business expectations and objectives.
upvoted 2 times
karanvp
1 year, 7 months ago
Selected Answer: D
C and D are more relevant here. To identify the gap, i.e. program components that do not align with business expectations and objectives, you first need to re-evaluate the current business expectations and objectives. Hence D is correct.
upvoted 4 times
Seasondream
1 year, 9 months ago
Selected Answer: D
If you're updating the program, it is best to re-evaluate what the business goals are. This will eventually lead you to B, and I know some people may have a tendency to gravitate to B before D.
upvoted 1 times
cosmo4ng
1 year, 9 months ago
Why not B?
upvoted 1 times
dark_3k03r
1 year, 9 months ago
You need to make sure that the business expectations and objectives are still correct; that is why D is the answer. If those items have changed, then the interview can be reflected to match the situation. If not, then it could have stayed the same. But without doing that analysis you won't know how to properly construct the interview questions in a way that is relevant to the goal at hand.
upvoted 3 times
Seasondream
1 year, 9 months ago
B falls under D. As a CISM, think broad, big picture. Re-evaluating will lead you to conducting B.
upvoted 4 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other