Certified Information Security Manager (CISM) — Question 2
Which of the following should be an information security manager's PRIMARY focus during the development of a critical system storing highly confidential data?
Answer options
- A. Ensuring the amount of residual risk is acceptable
- B. Reducing the number of vulnerabilities detected
- C. Avoiding identified system threats
- D. Complying with regulatory requirements
Correct answer: A
Explanation
The primary focus should be on ensuring that the amount of residual risk is acceptable, as this encapsulates the overall security posture of the system. While reducing vulnerabilities, avoiding threats, and regulatory compliance are important, they do not address the broader concept of risk management that is crucial for highly confidential data.