CISM Certified Information Security Manager – Question0084

Who should drive the risk analysis for an organization?

A.
Senior management
B. Security manager
C. Quality manager
D. Legal department

Correct Answer: B

Explanation:

Explanation: Although senior management should support and sponsor a risk analysis, the know-how and the management of the project will be with the security department. Quality management and the legal department will contribute to the project.