Certified Information Security Manager (CISM) — Question 258

Which of the following information BEST supports risk management decision making?

Answer options

• A. Results of a vulnerability assessment
• B. Estimated savings resulting from reduced risk exposure
• C. Average cost of risk events
• D. Quantification of threats through threat modeling

Correct answer: D

Explanation

The correct answer, D, emphasizes that quantifying threats through threat modeling provides a clear understanding of potential risks, which is crucial for informed decision-making. Options A, B, and C, while relevant, do not offer the same level of insight into the specific threats that could impact the organization, making them less effective for risk management decisions.