Certified Information Security Manager (CISM) — Question 325

Which of the following is the MOST important outcome of effective risk treatment?

Answer options

• A. Implementation of corrective actions
• B. Elimination of risk
• C. Timely reporting of incidents
• D. Reduced cost of acquiring controls

Correct answer: B

Explanation

The correct answer is B, as the ultimate goal of risk treatment is to completely eliminate risk when possible. Options A, C, and D are important aspects of risk management but do not represent the primary objective, which is to eradicate risk entirely.