CISM Certified Information Security Manager – Question1277

An organization performed a risk analysis and found a large number of assets with low-impact vulnerabilities. The NEXT action of the information security manager should be to:

A.
determine appropriate countermeasures.
B. transfer the risk to a third party.
C. report to management.
D. quantify the aggregated risk.

Correct Answer: D