Certified Information Security Manager (CISM) — Question 1088

It is MOST important that risk owners understand they are accountable for:

Answer options

• A. collaborating with stakeholders to evaluate the effectiveness of controls associated with the risk.
• B. reporting risk metrics and control compliance status to the information security manager.
• C. escalating control deficiencies associated with the risk to the steering committee for decision making.
• D. overseeing and monitoring the effectiveness of controls associated with the risk.

Correct answer: D

Explanation

The correct answer is D because risk owners must ensure that controls are effective in mitigating risks. While the other options involve important tasks like collaboration, reporting, and escalation, they do not capture the primary accountability of risk owners, which is to oversee and monitor control effectiveness.