Certified Information Security Manager (CISM) — Question 277

An information security manager is asked to provide a short presentation on the organization's current IT risk posture to the board of directors. Which of the following would be MOST effective to include in this presentation?

Answer options

• A. Gap analysis results
• B. Risk register
• C. Threat assessment results
• D. Risk heat map

Correct answer: D

Explanation

A Risk heat map visually represents the likelihood and impact of various risks, making it easier for the board to understand the organization’s risk posture at a glance. While gap analysis results, risk registers, and threat assessments provide valuable information, they may not convey the overall risk status as effectively as a heat map.