CISM Question #511: Real Exam Question with Answer & Explanation


Submitted by andres_qro · Apr 18, 2026 · Information Security Risk Management

Question

The integration of information security risk management processes into corporate risk management will MOST likely provide:

Options

  • A. reduced enterprise risk tolerance levels.
  • B. information security controls that reduce enterprise risk.
  • C. executive approval of the information security budget.
  • D. improved efficiencies of security operations.

Explanation

The correct answer is B: information security controls that reduce enterprise risk. Integrating information security risk management into enterprise risk management (ERM) ensures that security controls are selected and implemented in the context of overall business risk, so the controls that result directly reduce enterprise-level risk rather than addressing security risk in isolation. Reduced risk tolerance (A) is a policy decision made by management and is not an automatic outcome of integration. Executive budget approval (C) may follow, but it is neither guaranteed nor the primary outcome. Operational efficiency (D) is at most a secondary benefit. The primary value is that security efforts become strategically aligned with enterprise risk reduction.

Topics

#Risk Management Integration · #Enterprise Risk · #Information Security Controls · #Corporate Risk Management
