CISM Certified Information Security Manager – Question0847

Once a suite of security controls has been successfully implemented for an organization’s business units, it is MOST important for the information security manager to:

A.
ensure the controls are regularly tested for ongoing effectiveness.
B. hand over the controls to the relevant business owners.
C. prepare to adapt the controls for future system upgrades.
D. perform testing to compare control performance against industry levels.

Correct Answer: A