CISM Certified Information Security Manager – Question0340

Which of the following should an information security manager perform FIRST when an organization’s residual risk has increased?

A. Implement security measures to reduce the risk.
B. Communicate the information to senior management.
C. Transfer the risk to third parties.
D. Assess the business impact.

Correct Answer: D