CISM Question #826: Real Exam Question with Answer & Explanation
The correct answer is B: Establishing key risk indicators (KRIs).
Submitted by jaden.t · Apr 18, 2026 · Information Risk Management
Question
Which of the following is the BEST method to determine the effectiveness of an information risk management program?
Options
- A. Conducting an independent risk assessment
- B. Establishing key risk indicators (KRIs)
- C. Assessing key performance indicators (KPIs)
- D. Setting information security control baselines
Explanation
Key risk indicators (KRIs) are the best method because they measure changes in risk exposure over time and show whether risk is being kept within defined thresholds, directly reflecting the effectiveness of the information risk management program.
Topics
#Key Risk Indicators (KRIs) #Program Effectiveness #Risk Monitoring #Information Risk Management