CISM Certified Information Security Manager – Question 1156

A new port needs to be opened in a perimeter firewall. Which of the following should be the FIRST step before initiating any changes?

A. Prepare an impact assessment report.
B. Conduct a penetration test.
C. Obtain approval from senior management.
D. Back up the firewall configuration and policy files.

Correct Answer: A

Explanation:

An impact assessment report needs to be prepared first, providing the justification for the change, an analysis of the changes to be made, the impact if the change does not work as expected, and the priority and urgency of the change request. Choices B, C and D could be important steps, but the impact assessment report should be prepared before the other steps.