CISM Certified Information Security Manager – Question0359

Which of the following would be MOST helpful in determining an organization’s current capacity to mitigate risk?

A.
Capability maturity model
B. Business impact analysis
C. IT security risk and exposure
D. Vulnerability assessment

Correct Answer: A