Certified Chief Information Security Officer (CCISO) — Question 167

A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?

Answer options

• A. Ensuring developers include risk control comments in code
• B. Creating risk assessment templates based on specific threats
• C. Providing a risk program governance structure
• D. Allowing for the acceptance of risk for regulatory compliance requirements

Correct answer: C

Explanation

Establishing a governance framework for the risk program is crucial as it provides oversight and direction, ensuring the program aligns with organizational goals. The other options, while important, do not address the structural support necessary for a risk program's long-term success and sustainability.