CISSP · Question #234
An organization's information security strategic plan MUST be reviewed
The correct answer is C. whenever there are major changes to the business.. An organization's information security strategic plan must be reviewed whenever there are major changes to the business, such as mergers, acquisitions, divestitures, new products or services, new markets, new regulations, or new threats. These changes can affect the organization'
Question
An organization's information security strategic plan MUST be reviewed
Options
- Awhenever there are significant changes to a major application.
- Bquarterly, when the organization's strategic plan is updated.
- Cwhenever there are major changes to the business.
- Devery three years, when the organization's strategic plan is updated.
How the community answered
(45 responses)- A4% (2)
- B9% (4)
- C73% (33)
- D13% (6)
Explanation
An organization's information security strategic plan must be reviewed whenever there are major changes to the business, such as mergers, acquisitions, divestitures, new products or services, new markets, new regulations, or new threats. These changes can affect the organization's risk profile, security objectives, policies, procedures, and controls. Therefore, the information security strategic plan must be updated to align with the current business environment and ensure the protection of the organization's information assets.
Topics
Community Discussion
No community discussion yet for this question.