CISM Certified Information Security Manager – Question0553

Which of the following is the BEST way to determine if an organization’s current risk is within the risk appetite?

A.
Conducting a business impact analysis (BIA)
B. Implementing key performance indicators (KPIs)
C. Implementing key risk indicators (KRIs)
D. Developing additional mitigating controls

Correct Answer: C