When management changes the enterprise business strategy, which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?
Risk management is the process of identifying, assessing, and prioritizing risks to an organization, including the evaluation of existing controls and the selection of new controls based on changes in the business strategy. When the business strategy changes, it may introduce new risks or alter the significance of existing risks. Risk management allows organizations to adapt their information security controls to align with the evolving risk landscape.
While access control management (option A), change management (option B), and configuration management (option C) are important processes within information security, risk management is the overarching process that guides the assessment of controls in the context of changing business strategies.
B. conduct a risk assessment. This step allows the information security manager to evaluate the potential risks introduced by the new regulatory requirement and understand its impact on the organization's existing controls. By identifying vulnerabilities and threats, the manager can prioritize actions and allocate resources effectively.
Would you like to dive deeper into risk assessment methodologies or discuss other aspects of information security?
I agree that ChatGPT answers are wrong half the time, but how the hell does change management evaluate current security controls and assist in selecting new ones? In this case, ChatGPT is correct and it's D - of all other answers, risk assessment is the closest we have for evaluating the controls and selecting new ones through figuring out what the current risks are, what new controls will do to the existing risk profile and what controls generally make sense for cost-effective risk management.
Change management is the right answer as it assesses information security controls during changes. Risk management is only for assessing risk occurred due to changes.
1. Risk Mgmt - Risk management involves identifying, assessing, and mitigating risks that could impact an organization's objectives.
Gap analysis comes into the picture when comparing the current business strategy to the best in market (regulatory).
Viperhunter (Highly Voted) 1 year ago
ccsppractice (Most Recent) 1 month, 3 weeks ago
CISSPST 12 months ago
Soleandheel 1 year, 1 month ago
AlexJacobson 10 months, 2 weeks ago
pc2502 1 year, 4 months ago
pc2502 1 year, 4 months ago
pc2502 1 year, 4 months ago
peelu 1 year, 6 months ago
richck102 1 year, 7 months ago
Prasannacpw 2 years ago