Certified Information Security Manager (CISM) — Question 1011

Which of the following should have the MOST influence on an organization's response to a new industry regulation?

Answer options

• A. The organization's risk control baselines
• B. The organization's control objectives
• C. The organization's risk management framework
• D. The organization's risk appetite

Correct answer: D

Explanation

The organization's risk appetite is crucial because it defines the level of risk the organization is willing to accept when responding to industry regulations. While the other options provide important frameworks and guidelines, they do not directly reflect the organization's willingness to take on risk, which is essential in determining how to approach new regulations.