CISSP · Question #636
Which one of the following would cause an immediate review and possible change to the security policies of an organization?
The correct answer is D. Change to organization goals. Security policies must align with organizational goals and objectives, so any change in organizational goals directly triggers an immediate review of existing security policies to ensure continued alignment.
Question
Options
- AChange in technology
- BChange in senior management
- CChange to organization processes
- DChange to organization goals
How the community answered
(57 responses)- A2% (1)
- B5% (3)
- C11% (6)
- D82% (47)
Why each option
Security policies must align with organizational goals and objectives, so any change in organizational goals directly triggers an immediate review of existing security policies to ensure continued alignment.
A change in technology may prompt updates to specific security controls or procedures, but it does not necessarily require an immediate review of the overarching security policies themselves, which are goal-driven rather than technology-driven.
A change in senior management may influence organizational culture or priorities over time, but it does not by itself mandate an immediate policy review unless it is accompanied by a formal change in organizational goals or strategy.
A change to organizational processes may require updates to operational security procedures or guidelines, but security policies are driven by goals and objectives rather than internal process changes, so a policy overhaul is not immediately triggered.
A change in organizational goals directly impacts the purpose and scope of security policies, because security policies exist to protect and enable the organization's mission and objectives. If the goals shift - such as entering new markets, adopting new business models, or changing risk appetite - the security policies must be immediately reviewed and potentially rewritten to reflect the new direction and associated risks.
Concept tested: Security policy triggers and organizational goal alignment
Source: https://www.nist.gov/publications/introduction-information-security
Topics
Community Discussion
No community discussion yet for this question.