nerdexam
(ISC)2

CISSP · Question #636

Which one of the following would cause an immediate review and possible change to the security policies of an organization?

The correct answer is D. Change to organization goals. Security policies must align with organizational goals and objectives, so any change in organizational goals directly triggers an immediate review of existing security policies to ensure continued alignment.

Submitted by kim_seoul· Mar 5, 2026Security and Risk Management

Question

Which one of the following would cause an immediate review and possible change to the security policies of an organization?

Options

  • AChange in technology
  • BChange in senior management
  • CChange to organization processes
  • DChange to organization goals

How the community answered

(57 responses)
  • A
    2% (1)
  • B
    5% (3)
  • C
    11% (6)
  • D
    82% (47)

Why each option

Security policies must align with organizational goals and objectives, so any change in organizational goals directly triggers an immediate review of existing security policies to ensure continued alignment.

AChange in technology

A change in technology may prompt updates to specific security controls or procedures, but it does not necessarily require an immediate review of the overarching security policies themselves, which are goal-driven rather than technology-driven.

BChange in senior management

A change in senior management may influence organizational culture or priorities over time, but it does not by itself mandate an immediate policy review unless it is accompanied by a formal change in organizational goals or strategy.

CChange to organization processes

A change to organizational processes may require updates to operational security procedures or guidelines, but security policies are driven by goals and objectives rather than internal process changes, so a policy overhaul is not immediately triggered.

DChange to organization goalsCorrect

A change in organizational goals directly impacts the purpose and scope of security policies, because security policies exist to protect and enable the organization's mission and objectives. If the goals shift - such as entering new markets, adopting new business models, or changing risk appetite - the security policies must be immediately reviewed and potentially rewritten to reflect the new direction and associated risks.

Concept tested: Security policy triggers and organizational goal alignment

Source: https://www.nist.gov/publications/introduction-information-security

Topics

#Security policy management#Organizational goals#Policy review#Risk alignment

Community Discussion

No community discussion yet for this question.

Full CISSP Practice