Isaca
CISM · Question #582
CISM Question #582: Real Exam Question with Answer & Explanation
The correct answer is D: Risk appetite. Risk appetite defines the level of risk an organization is willing to accept and serves as the foundational input for designing an information security framework that aligns with business objectives and tolerance for risk.
Submitted by jakub_pl · Apr 18, 2026 · Information Security Governance
Question
Which of the following BEST informs the design of an information security framework?
Options
- A. Available skills
- B. Implementation cost
- C. Recent audit findings
- D. Risk appetite
Explanation
Risk appetite defines the level of risk an organization is willing to accept and serves as the foundational input for designing an information security framework that aligns with business objectives and tolerance for risk.
Topics
#Information Security Framework Design · #Risk Appetite · #Information Security Governance · #Security Program Development