CISM Certified Information Security Manager – Question0335

To effectively manage an organization’s information security risk, it is MOST important to:

A. periodically identify and correct new systems vulnerabilities
B. assign risk management responsibility to end users
C. benchmark risk scenarios against peer organizations
D. establish and communicate risk tolerance

Correct Answer: A