Certified Chief Information Security Officer (CCISO) — Question 24

Which of the following should be determined while defining risk management strategies?

Answer options

• A. Organizational objectives and risk tolerance
• B. Enterprise disaster recovery plans
• C. Risk assessment criteria
• D. IT architecture complexity

Correct answer: A

Explanation

The correct answer is A because understanding organizational objectives and risk tolerance is essential to align risk management strategies with the overall goals of the organization. Options B, C, and D, while important in their own contexts, do not directly influence the foundational aspects of risk management strategy formulation.