Certified Information Security Manager (CISM) — Question 182

Which of the following tasks would provide a newly appointed information security manager with the BEST view of the organization's existing security posture?

Answer options

• A. Performing a business impact analysis (BIA)
• B. Reviewing policies and procedures
• C. Performing a risk assessment
• D. Interviewing business managers and employees

Correct answer: C

Explanation

A risk assessment provides a thorough analysis of potential vulnerabilities and threats to the organization's security, making it the best option for understanding the current security posture. While reviewing policies and procedures, performing a BIA, and interviewing staff are valuable, they do not offer the same depth of insight into security risks as a risk assessment.