By incorporating risk management into day-to-day operations and long-term strategic planning, organizations can ensure that security risks are identified, assessed, and appropriately addressed. This approach allows for a proactive and systematic approach to managing risks, rather than treating them as isolated incidents or afterthoughts. Option D
D. Risk management is built into operational and strategic activities
The effectiveness of an information security governance framework will best be enhanced if risk management is built into operational and strategic activities. This means that the organization considers and manages information security risks as part of its day-to-day operations and decision-making processes. When risk management is integrated into organizational activities, it becomes a fundamental part of the organization's culture, and not just an isolated function. This allows the organization to more effectively identify, evaluate, and mitigate information security risks, and to align its information security efforts with its overall business goals and objectives.
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Agamennore
8 months agorichck102
10 months agoSaisharan
10 months, 4 weeks agoBroesweelies
1 year, 3 months agoMyKasala
1 year, 3 months agoaokisan
1 year, 4 months ago