Demonstrating that risk is managed at the desired level is a key aspect of informing senior management about the effectiveness and success of the information security program. This involves providing an overview of risk assessments, mitigation efforts, and the overall state of the organization's risk posture. It enables senior management to make informed decisions about the allocation of resources and the ongoing effectiveness of the information security program in addressing organizational risks.
While confirming compliance with security policies (option A), verifying security costs do not exceed the budget (option B), and providing evidence that resources are performing as expected (option D) are important considerations, the primary goal is to ensure that the organization's risk is managed effectively in alignment with its risk tolerance and business objectives.
C, Tes, for sure. business risk is what the execs care about. speak their language and they happy :)
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Viperhunter
3 months, 3 weeks agorichck102
10 months agodedfef
11 months, 3 weeks agoCarlLimps
1 year, 1 month ago