CISM Certified Information Security Manager – Question1056

The PRIMARY purpose of a periodic threat and risk assessment report to senior management is to communicate the:

A.
status of the security posture
B. probability of future incidents
C. cost-benefit of security controls
D. risk acceptance criteria

Correct Answer: A