CISA Certified Information Systems Auditor – Question0445

Which of the following would BEST enable effective decision-making?

A.
Annualized loss estimates determined from past security events.
B. A universally applied list of generic threats impacts, and vulnerabilities
C. Formalized acceptance of risk analysis by business management
D. A consistent process to analyze new and historical information risk

Correct Answer: D