CISM Certified Information Security Manager – Question1178

To minimize security exposure introduced by changes to the IT environment, which of the following is MOST important to implement as part of change management?

A.
Requiring approval by senior management
B. Performing a business impact analysis (BIA) prior to implementation
C. Performing post-change reviews before closing change tickets
D. Conducting a security risk assessment prior to go-live

Correct Answer: B