Question: The IT function has declared that, when putting a new application into production, it is not necessary to update the business impact analysis (BIA) because it does not produce modifications in the business processes. The information security manager should:
A.) verify the decision with the business units.
B.) check the system’s risk analysis.
C.) recommend update after post implementation review.
D.) request an audit review.

Download pdf (with explanations) edition of this exam.