Certified Information Security Manager (CISM) — Question 1058
The MOST effective way to present information security risk to senior management is to highlight:
Answer options
- A. business impact.
- B. countermeasures.
- C. threat intelligence.
- D. risk mitigation over time.
Correct answer: A
Explanation
Highlighting business impact is crucial because senior management is primarily concerned with how risks affect organizational goals and profitability. While countermeasures, threat intelligence, and risk mitigation are important, they do not resonate as strongly with executives who focus on the bottom line and strategic objectives.