Certified Information Security Manager (CISM) — Question 1181
Management of a financial institution accepted an operational risk that consequently led to the temporary deactivation of a critical monitoring process. Which of the following should be the information security manager's GREATEST concern with this situation?
Answer options
- A. Deviation from risk management best practices
- B. Impact on the risk culture
- C. Inability to determine short-term impact
- D. Impact on compliance risk
Correct answer: D
Explanation
The greatest concern for the information security manager should be the impact on compliance risk, as deactivating a critical monitoring process could lead to non-compliance with regulatory requirements. While deviation from best practices and the risk culture are important, they are secondary to the potential legal and financial repercussions that non-compliance could bring. The inability to determine short-term impact is also significant but does not directly address the compliance issues that may arise.