CISM Certified Information Security Manager – Question1275

When implementing a new risk assessment methodology, which of the following is the MOST important requirement?

A.
Risk assessments must be conducted by certified staff.
B. The methodology must be approved by the chief executive officer.
C. Risk assessments must be reviewed annually.
D. The methodology used must be consistent across the organization.

Correct Answer: D