Certified Information Security Manager (CISM) — Question 1055

Which of the following is MOST important to consider when prioritizing threats during the risk assessment process?

Answer options

• A. Regulatory requirements on the organization
• B. The severity of exploited vulnerabilities
• C. The threat landscape within the industry
• D. The potential impact on operations

Correct answer: D

Explanation

The potential impact on operations is crucial because it directly affects the organization's ability to function and achieve its objectives. While regulatory requirements, severity of vulnerabilities, and the threat landscape are important, they ultimately inform the understanding of impacts rather than dictate them.