CISM Certified Information Security Manager – Question0474

The IT function has declared that, when putting a new application into production, it is not necessary to update the business impact analysis (BIA) because it does not produce modifications in the business processes. The information security manager should:

A. verify the decision with the business units.
B. check the system's risk analysis.
C. recommend update after post implementation review.
D. request an audit review.

Correct Answer: A

Explanation:

Verifying the decision with the business units is the correct answer because it is not the IT function's responsibility to decide whether a new application modifies business processes. Choice B does not consider the change in the applications. Choices C and D delay the update.