CISM Question #106: Real Exam Question with Answer & Explanation
The correct answer is D: Propose that security risk be integrated under a common risk register.
Question
What is the BEST way for an information security manager to improve the effectiveness of risk management in an organization that currently manages risk at the departmental level?
Options
- A. Deploy security risk management software in all departments.
- B. Determine whether the organization has defined its risk tolerance and risk appetite.
- C. Subscribe to external risk reports relevant to each department.
- D. Propose that security risk be integrated under a common risk register.
Explanation
To improve risk management effectiveness from a departmental level, an organization should integrate security risk under a common risk register, enabling a holistic view and centralized management.
Common mistakes.
- A. Deploying risk management software might standardize tools but doesn't inherently integrate departmental risk management or improve its effectiveness at an organizational level without a unified approach.
- B. While defining risk tolerance and appetite is critical for effective risk management, it is a foundational policy step that should precede or accompany the integration of risk; it is not the "BEST way" to move risk management effectiveness from the departmental to the organizational level.
- C. Subscribing to external risk reports provides valuable context but doesn't directly address the organizational challenge of fragmented, departmental risk management.
Concept tested. Enterprise risk management integration
Reference. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf