CISM Certified Information Security Manager – Question1000

The MAIN reason for an information security manager to monitor industry level changes in the business and IT is to:

A.
evaluate the effect of the changes on the levels of residual risk.
B. identify changes in the risk environment.
C. update information security policies in accordance with the changes.
D. change business objectives based on potential impact.

Correct Answer: B