Exam CISM topic 1 question 972 discussion

Dashboard are not meant for monitoring, I think C which allows for continuous monitoring of the statues of the risk in the risk register which is updated frequently

SIEM is for monitoring threats and possible incidents. Risk management is different, and SIEM is not appriopriate for such task. D is the only viable answer. Why is the answer showing B as the best when more people selected D?

Out of the options provided, the most effective method for monitoring an organization's existing risk would likely be D. Risk management dashboards. Risk management dashboards are specifically designed to provide a comprehensive overview of an organization's risk landscape. They consolidate and display relevant risk information in a visually accessible format, allowing stakeholders to quickly identify and assess potential risks. These dashboards typically include key risk indicators, metrics, and trends, enabling organizations to track risk levels, monitor mitigation efforts, and make informed decisions based on real-time data. security information and event management (SIEM) systems (option B) are valuable tools for identifying and addressing specific security vulnerabilities and incidents, they may not provide the broader context needed for comprehensive risk monitoring.

D. Risk management dashboards

B. Security information and event management (SIEM) systems SIEM systems are highly effective in monitoring an organization's existing risk. SIEM systems collect and analyze data from various sources, including network devices, servers, applications, and security logs. They provide real-time monitoring, correlation, and analysis of security events and incidents. By analyzing this data, SIEM systems can detect anomalies, potential threats, and vulnerabilities in the organization's environment.

Option B - it is most effective monitoring and real-time visibility into existing risks