What is the BEST way for an information security manager to improve the effectiveness of risk management in an organization that currently manages risk at the departmental level?
What is the BEST way for an information security manager to improve the effectiveness of risk management in an organization that currently manages risk at the departmental level?
Integrating security risk under a common risk register is the best way to improve the effectiveness of risk management in an organization. This approach centralizes risk information, allowing for better coordination and comprehensive visibility across all departments. Having a unified risk register ensures that risks are not managed in silos, promoting a more holistic and strategic risk management process that aligns with the overall objectives of the organization.
D - Centralizing risk information fosters better coordination, visibility, and holistic risk assessment.