
Exam CISM topic 1 question 879 discussion

Actual exam question from Isaca's CISM
Question #: 879
Topic #: 1

Which of the following would BEST guide the development and maintenance of an information security program?

  • A. A business impact assessment
  • B. The organization's risk appetite
  • C. A comprehensive risk register
  • D. An established risk assessment process
Suggested Answer: B

Comments

03allen
4 months ago
Selected Answer: B
The risks identified by D still need to be evaluated against B.
upvoted 4 times
shootnot
6 months, 1 week ago
B. Risk appetite serves as a guiding principle, whereas the established risk assessment process is a vehicle.
upvoted 2 times
oluchecpoint
6 months, 3 weeks ago
Selected Answer: D
D. An established risk assessment process
upvoted 1 times
yottabyte
8 months ago
Selected Answer: B
The organization's risk appetite will dictate how stringent the approach to risk assessments is. So B is more important than D here.
upvoted 1 times
AlexJacobson
9 months, 3 weeks ago
Selected Answer: D
IMO, a risk assessment is needed for an objective view of things. Risk appetite is too broad to guide development AND maintenance. It may serve as a starting point, but you need measurable, relevant and repeatable processes to be consistent. Also, the infosec program also deals with security controls. How would you select the appropriate controls by just looking at risk appetite with no risk assessment?
upvoted 2 times
killainc
10 months, 2 weeks ago
Selected Answer: B
To guide the development and maintenance of an information security program, it is important to have a comprehensive understanding of the organization's risk appetite. This will help in identifying the level of risk that the organization is willing to accept and the level of security that is required to protect the organization's assets.
upvoted 2 times
FenixOid
11 months, 2 weeks ago
Selected Answer: B
agree with Soleandheel1
upvoted 1 times
Soleandheel
12 months ago
B. The organization's risk appetite
upvoted 1 times
Soleandheel
12 months ago
When you're still in the development stage of your information security program, the risk appetite is the driver. A well-established risk assessment typically comes into play after the program is already up. Risk appetite represents the organization's willingness to accept and tolerate risk, and it sets the overarching parameters for how the organization should approach information security. It helps determine the appropriate level of security controls, risk mitigation measures, and resource allocation needed to align with the organization's strategic goals and risk tolerance.
upvoted 1 times
koala_lay
1 year, 1 month ago
Selected Answer: D
The best option would be D. An established risk assessment process. An established risk assessment process helps identify and prioritize potential risks to the organization's information security. It involves evaluating the likelihood and potential impact of each risk, and developing strategies and controls to mitigate them. This process should be conducted on a regular basis to ensure that the information security program remains effective and up to date.
upvoted 2 times
richck102
1 year, 1 month ago
Selected Answer: D
D. An established risk assessment process
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other