nerdexam
(ISC)2

CISSP · Question #234

An organization's information security strategic plan MUST be reviewed

The correct answer is C. whenever there are major changes to the business.. An organization's information security strategic plan must be reviewed whenever there are major changes to the business, such as mergers, acquisitions, divestitures, new products or services, new markets, new regulations, or new threats. These changes can affect the organization'

Submitted by jian89· Mar 5, 2026Security and Risk Management

Question

An organization's information security strategic plan MUST be reviewed

Options

  • Awhenever there are significant changes to a major application.
  • Bquarterly, when the organization's strategic plan is updated.
  • Cwhenever there are major changes to the business.
  • Devery three years, when the organization's strategic plan is updated.

How the community answered

(45 responses)
  • A
    4% (2)
  • B
    9% (4)
  • C
    73% (33)
  • D
    13% (6)

Explanation

An organization's information security strategic plan must be reviewed whenever there are major changes to the business, such as mergers, acquisitions, divestitures, new products or services, new markets, new regulations, or new threats. These changes can affect the organization's risk profile, security objectives, policies, procedures, and controls. Therefore, the information security strategic plan must be updated to align with the current business environment and ensure the protection of the organization's information assets.

Topics

#information security strategy#strategic planning#governance#security program management

Community Discussion

No community discussion yet for this question.

Full CISSP Practice