CISM Certified Information Security Manager – Question1076

Which of the following is the MOST appropriate individual to ensure that new exposures have not been introduced into an existing application during the change management process?

A.
System analyst
B. System user
C. Operations manager
D. Data security officer

Correct Answer: B

Explanation:

Explanation:
System users, specifically the user acceptance testers, would be in the best position to note whether new exposures are introduced during the change management process. The system designer or system analyst, data security officer and operations manager would not be as closely involved in testing code changes.