Isaca Exam CISM Topic 3 Question 61 Discussion

Actual exam question for Isaca's CISM exam

Question #: 61
Topic #: 3

[All CISM Questions]

Which of the following BEST facilitates an information security manager's efforts to obtain senior management commitment for an information security program?

APresenting evidence of inherent risk

BReporting the security maturity level

CPresenting compliance requirements

DCommunicating the residual risk

Show Suggested Answer

Suggested Answer: A

When preventive controls to appropriately mitigate risk are not feasible, the most important action for the information security manager is to manage the impact, which means taking measures to reduce the likelihood or severity of the consequences of the risk. Managing the impact can involve using alternative controls, such as engineering, administrative, or personal protective controls, that can lower the exposure or harm to the organization. The other options, such as identifying unacceptable risk levels, assessing vulnerabilities, or evaluating potential threats, are part of the risk assessment process, but they are not actions to mitigate risk when preventive controls are not feasible. Reference:

https://bcmmetrics.com/risk-mitigation-evaluating-your-controls/

https://www.osha.gov/safety-management/hazard-prevention

https://www.cdc.gov/niosh/topics/hierarchy/default.html

by Glen at Aug 04, 2023, 02:35 PM

Limited Time Offer

25%

22 days ago

I think presenting evidence of inherent risk is the best way to get senior management commitment.

upvoted 0 times

...