Certified Information Systems Security Professional – CISSP – Question181

An organization’s information security strategic plan MUST be reviewed

A.
whenever there are significant changes to a major application.
B. quarterly, when the organization’s strategic plan is updated.
C. whenever there are major changes to the business.
D. every three years, when the organization’s strategic plan is updated.

Correct Answer: C