Exam CISM
Question 181

Which of the following is MOST important to include when reporting information security risk to executive leadership?

    Correct Answer: C

    When reporting information security risk to executive leadership, it is crucial to provide information that helps them understand the current risk landscape and the potential impact on the organization. Risk analysis results and key risk indicators (KRIs) offer a clear and concise overview of the identified risks, their likelihood, and impact, as well as measurable data points to monitor the state and severity of those risks. This information is essential for executive leadership to make informed decisions regarding risk management and resource allocation.

Discussion
toffboi Option: C

I would go with C.

Learner76 Option: B

Security awareness training, most important? Really?

karanvp Option: B

Tricky question. But the answer would be B, as the answer says "Residual Risk Exposure", which must be updated to Sr. Leaders.

richck102 Option: C

C. Risk analysis results and key risk indicators (KRIs)

dedfef Option: C

C to the moon

afb4b17 Option: B

The key words here are "risk analysis results". These are not intended for executive management. The outcome of security awareness training and residual risk exposure are two items that both meet the criterion of interesting for executive leadership.

oluchecpoint Option: C

Risk analysis results and KRIs

DrTee Option: C

Risk analysis results and KRIs provide the most concise and impactful information for executive leadership: Risk analysis results: Explain the identified risks, their likelihood, and potential impact on the organization's business objectives (e.g., financial losses, reputational damage). Key risk indicators (KRIs): Provide measurable data points that monitor the current state of risks and potential changes in their severity.

oluchecpoint Option: C

C. Risk analysis results and key risk indicators (KRIs). When reporting information security risk to executive leadership, the most important information to include is risk analysis results and key risk indicators (KRIs). These provide a clear picture of the current state of security, potential vulnerabilities, and the impact of those vulnerabilities on the organization. Executive leadership needs this information to make informed decisions about how to prioritize resources and make strategic decisions related to information security.

Hugo1717 Option: C

When reporting information security risk to executive leadership, it's essential to provide them with a clear understanding of the organization's risk landscape and the effectiveness of risk management efforts. Option C, "Risk analysis results and key risk indicators (KRIs)," is the most important to include. Options A, B, and D contain valuable information, but they are not as crucial as risk analysis results and KRIs for executive decision-making when it comes to managing information security risks.

wello Option: C

KRIs for sure.

sedardna Option: C

C, WITHOUT A DOUBT

bambs Option: C

Definitely C

Ziggybooboo Option: C

C for me too

D2D2 Option: C

I am going with C