CISM Certified Information Security Manager – Question0393
Which of the following BEST indicates a successful risk management practice? A. Overall risk is quantified B. Inherent risk is eliminated C. Residual risk is minimized D. Control risk is tied to business units
Correct Answer: C
Explanation:
Explanation:
A successful risk management practice minimizes the residual risk to the organization. Choice A is incorrect because the fact that overall risk has been quantified does not necessarily indicate the existence of a successful risk management practice. Choice B is incorrect since it is virtually impossible to eliminate inherent risk. Choice D is incorrect because, although the tying of control risks to business may improve accountability, this is not as desirable as minimizing residual risk.
Please disable your adblocker or whitelist this site!