CISA Certified Information Systems Auditor – Question2387

The PRIMARY purpose of a periodic threat and risk assessment report to senior management is to communicate the:

A.
cost-benefit of security controls.
B. status of the security posture.
C. probability of future incidents.
D. risk acceptance criteria.

Correct Answer: B