Certified Information Security Manager (CISM) — Question 1196

When assigning a risk owner, the MOST important consideration is to ensure the owner has:

Answer options

• A. adequate knowledge of risk treatment and related control activities.
• B. decision-making authority and the ability to allocate resources for risk.
• C. sufficient time for monitoring and managing the risk effectively.
• D. risk communication and reporting skills to enable decision-making.

Correct answer: B

Explanation

The correct answer, B, highlights the necessity of having decision-making authority and resource allocation capabilities, which are essential for effectively managing and mitigating risks. While options A, C, and D are important qualities, they do not ensure the necessary power to make impactful decisions regarding risk management.