Isaca CISM Exam - Topic 3 Question 111 Discussion

Actual exam question for Isaca's CISM exam

Question #: 111
Topic #: 3

An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?

ADetermine whether the organization can benefit from adopting the new standard.

BObtain legal counsel's opinion on the standard's applicability to regulations,

CPerform a risk assessment on the new technology.

DReview industry specialists' analyses of the new standard.

Show Suggested Answer

Suggested Answer: A

= The first step that the information security manager should recommend when learning of a new standard related to an emerging technology is to determine whether the organization can benefit from adopting the new standard. This involves evaluating the business objectives, needs, and requirements of the organization, as well as the potential advantages, disadvantages, and challenges of implementing the new technology and the new standard. The information security manager should also consider the alignment of the new standard with the organization's existing policies, procedures, and standards, as well as the impact of the new standard on the organization's information security governance, risk management, program, and incident management. By conducting a preliminary analysis of the feasibility, suitability, and desirability of the new standard, the information security manager can provide a sound basis for further decision making and planning.

Reference= CISM Review Manual, 16th Edition, Chapter 1: Information Security Governance, Section: Information Security Standards, page 391; CISM Review Questions, Answers & Explanations Manual, 10th Edition, Question 43, page 412.

by Olive at May 03, 2026, 08:32 AM

Limited Time Offer

25%

Off

Get Premium CISM Questions as Interactive Web-Based Practice Test or PDF