Exam CISM topic 1 question 61 discussion

C - Key risk indicator is the goal here since the ultimate aim is to monitor risk

The best method to improve the ability to identify changes in risk levels affecting the organization's systems is to monitor Key Risk Indicators (KRIs). KRIs are specifically designed to provide early warnings about potential changes in risk, enabling the organization to take timely and appropriate actions to mitigate those risks.

Key Risk Indicators (KRIs) are metrics used to monitor and identify changes in risk levels. They provide early warning signs of potential issues or changes in the risk landscape, enabling the information security manager to take timely and informed actions. Monitoring KRIs helps organizations stay proactive in managing risks and maintaining the effectiveness of their information security program.

Key risk indicators (KRIs) are specific metrics or indicators that provide early warnings of potential changes in the risk landscape. Monitoring KRIs helps organizations proactively identify shifts in risk levels and take timely actions to manage and mitigate emerging risks. KRIs are designed to give insight into the likelihood or impact of risk events before they occur, enabling a more proactive risk management approach. While performing business impact analyses (BIA) (option A), monitoring key goal indicators (KGIs) (option B), and updating the risk register (option D) are important activities in risk management, monitoring key risk indicators is particularly focused on identifying changes in risk levels as they happen.

C. Monitoring key risk indicators (KRIs)

KRIs are metrics used to track changes in the level of risk exposure of an organization and can be used to identify emerging risks or changes in the risk landscape. KRIs are typically derived from risk assessments and are used to monitor the likelihood and impact of identified risks.