Exam CISM topic 1 question 272 discussion

Changes to the security budget can certainly impact the implementation of an information security strategy, but they should not be the most important consideration when reviewing the strategy. The most important consideration when reviewing an information security strategy should be new business initiatives, as they can introduce new risks and threats that may need to be addressed by the existing security controls and processes. For example, the introduction of new technology, products, or services can bring new vulnerabilities and attack surfaces, and the information security strategy should be reviewed and updated to address these new risks. On the other hand, changes to the security budget, internal audit findings, and recent security incidents can certainly inform the review and update of the information security strategy, but new business initiatives should always be the most important consideration.

Option B ..New Business can bring new issues ..new polices..new culture..new SLA and all that boring stuff.

Option B

New business initiatives create new business strategies, goals and objectives, which must be supported by infosec strategy.

D. Recent security incidents When reviewing an information security strategy, the MOST important consideration should be recent security incidents. This is because security incidents are a direct reflection of the current threat landscape and the effectiveness of existing security measures. By analyzing recent security incidents, an organization can identify vulnerabilities, weaknesses, and areas where improvements are needed in its security strategy.

B. New business initiatives

D? recent security incidents - the most important consideration when reviewing an information security strategy. This is because recent security incidents can provide valuable insights into the effectiveness of the current strategy and identify areas that need improvement.

obviously B

I think B