CISM Certified Information Security Manager – Question0374

When preventative controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager to perform?

A.
Assess vulnerabilities.
B. Manage the impact.
C. Evaluate potential threats.
D. Identify unacceptable risk levels.

Correct Answer: D