CISM Certified Information Security Manager – Question0724

Which of the following should be an information security manager's FIRST course of action following a decision to implement a new technology?

A.
Determine security controls needed to support the new technology.
B. Perform a business impact analysis (BIA) on the new technology.
C. Perform a return-on-investment (ROI) analysis for the new technology.
D. Determine whether the new technology will comply with regulatory requirements.

Correct Answer: B