Exam CISM topic 1 question 675 discussion

Actual exam question from Isaca's CISM
Question #: 675
Topic #: 1

Management decisions concerning information security investments will be MOST effective when they are based on:

  • A. a process for identifying and analyzing threats and vulnerabilities.
  • B. the formalized acceptance of risk analysis by management.
  • C. the reporting of consistent and periodic assessments of risks.
  • D. an annual loss expectancy (ALE) determined from the history of security events.
Suggested Answer: C

Comments

yottabyte
7 months ago
Selected Answer: C
Consistent and regular
upvoted 2 times
Marcelus1714
8 months, 4 weeks ago
Selected Answer: C
It says "Management decisions", the word management makes me go to C
upvoted 1 times
AlexJacobson
9 months, 1 week ago
Selected Answer: C
Management operates in risk and $. They will base the decision of how much $ to invest in a control on the risk they're trying to treat somehow.
upvoted 1 times
Uncle_Lucifer
10 months, 4 weeks ago
Selected Answer: C
Risk includes both threats and vulnerabilities. -> C is more comprehensive and inclusive
upvoted 1 times
koala_lay
1 year, 1 month ago
Selected Answer: A
Management decisions concerning information security investments will be most effective when they are based on option A: a process for identifying and analyzing threats and vulnerabilities. It is crucial for organizations to have a systematic approach in identifying and analyzing potential threats and vulnerabilities to their information security. This involves conducting risk assessments, vulnerability assessments, and threat intelligence analysis. By understanding the specific risks faced by the organization, management can make informed decisions about where to invest their resources to mitigate those risks effectively.
upvoted 1 times
oluchecpoint
1 year, 1 month ago
Selected Answer: A
This involves conducting risk assessments, identifying potential risks, and evaluating the potential impact and likelihood of those risks. Once these threats and vulnerabilities are identified, management can then make informed decisions about how to prioritize and allocate resources for information security investments.
upvoted 1 times
ddharia94
1 year, 3 months ago
Selected Answer: C
It is C
upvoted 3 times
richck102
1 year, 3 months ago
C. the reporting of consistent and periodic assessments of risks.
upvoted 3 times
Jae_kes
1 year, 4 months ago
Selected Answer: A
A. a process for identifying and analyzing threats and vulnerabilities
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other