Due to changes in an organization’s environment, security controls may no longer be adequate. What is the information security manager’s BEST course of action?
A.
Perform a new risk assessment.
B.
Review the previous risk assessment and countermeasures.
C.
Transfer the new risk to a third party.
D.
Evaluate countermeasures to mitigate new risks.
I will go with D here, there are controls in place already but they are not adequate, so to increase controls and to make it adequate, a gap analysis is required which is option D. A new risk assessment is not required.
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Thavee
8 months, 3 weeks agoyottabyte
9 months, 3 weeks agoThavee
8 months, 3 weeks agorichck102
1 year, 6 months ago