CISM Certified Information Security Manager – Question0322

Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?

A.
Integrating the risk assessment into the internal audit program
B. Applying global security standards to the IT projects
C. Training project managers on risk assessment
D. Having the information security manager participate on the project setting committees

Correct Answer: B