The primary objective of a risk response strategy should be the selection of appropriate controls to mitigate identified risks to an acceptable level. This involves making decisions about the best ways to treat risks, such as avoiding the risk, transferring the risk to another party, reducing the negative impact of the risk, or accepting the risk. The selection of appropriate controls is the foundation for effective risk management and helps ensure that resources are directed towards the most critical risks facing the organization. While other factors, such as regulatory compliance and senior management buy-in, may be important considerations in the risk response process, the primary objective should always be the selection of appropriate controls to effectively manage risks.
WE have to be able to distinguish between the key words, OBJECTIVE and FUNCTION. Threat reduction is the final desired outcome of the any Risk Response Strategy. you create a strategy to achieve an objective or a goal. I do not see how "Appropriate control selection" can be an end goal or an objective. it is clearly a function that drives the objective. You select appropriate controls in order to reduce threats so it can not be C but A
The primary objective of a risk response strategy is A. threat reduction.
A risk response strategy aims to minimize the potential negative impacts of identified risks by taking proactive measures to reduce their likelihood or severity. This aligns with the goal of threat reduction, as it seeks to actively address and lessen the threats facing an organization.
A risk response strategy aims to minimize the likelihood or impact of identified risks. Threat reduction directly addresses the core concern of risks posing a threat to an organization.
Selecting appropriate controls is a component of a risk response strategy, but it's not the ultimate objective. The goal is to use those controls to reduce threats.
A. Reduction of threats/risks.
Risk reduction is the objective of risk response plan by the way of avoid/transfer/accept/mitigate.
D is incorrect as Use of appropriate control measures or mechanisms is part of mitigate strategy.
After further review in the ISACA manual... One of the Risk response options is to use appropriate control measures or mechanisms. So it may be C after all. What is your opinion?
Threats are external actors, you can't reduce them. The only thing you can do is to reduce your risk exposure to threats by applying proper controls
upvoted 2 times
...
...
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Broesweelies
Highly Voted 2 years, 2 months agoedmamol
Most Recent 2 weeks, 3 days agoAdabach
3 weeks, 3 days agoAdabach
4 weeks, 1 day agoAdabach
4 weeks, 1 day agoJess20
6 months agooluchecpoint
1 year, 6 months agokaranvp
1 year, 10 months agorichck102
1 year, 10 months agoQ_K
2 years, 1 month agobaranikumar_v
2 years, 3 months agoaokisan
2 years, 4 months agoUser21
1 year, 11 months agoD2D2
2 years, 5 months agoD2D2
2 years, 5 months agoromero318
1 year, 11 months agodigualada
1 year, 10 months ago