CISM Certified Information Security Manager – Question1095
An information security manager has been asked to develop a change control process. What is the FIRST thing the information security manager should do? A. Research best practices B. Meet with stakeholders C. Establish change control procedures D. Identify critical systems
Correct Answer: B
Explanation:
Explanation:
No new process will be successful unless it is adhered to by all stakeholders; to the extent stakeholders have input, they can be expected to follow the process. Without consensus agreement from the stakeholders, the scope of the research is too wide; input on the current environment is necessary to focus research effectively. It is premature to implement procedures without stakeholder consensus and research. Without knowing what the process will be the parameters to baseline are unknown as well.
Please disable your adblocker or whitelist this site!