Certified Information Security Manager (CISM) — Question 1207
Which of the following is MOST effective in monitoring an organization's existing risk?
Answer options
- A. Vulnerability assessment results
- B. Security information and event management (SIEM) systems
- C. Periodic updates to risk register
- D. Risk management dashboards
Correct answer: D
Explanation
The correct answer, D, refers to risk management dashboards, which provide a comprehensive and real-time view of an organization's risk landscape. While vulnerability assessments (A) and SIEM systems (B) are important tools for identifying risks, they do not offer the holistic monitoring that dashboards provide. Periodic updates to the risk register (C) are crucial, but they are more reactive than proactive when compared with dashboards.