Certified Information Security Manager (CISM) — Question 337

When designing an information security risk monitoring framework, it is MOST important to ensure:

Answer options

• A. preservation of forensic evidence is enabled
• B. the monitoring system is patched regularly
• C. feedback is communicated to stakeholders
• D. outlier events are escalated to system administrators

Correct answer: C

Explanation

The correct answer, C, emphasizes the importance of communication with stakeholders, which is vital for effective risk management. While preserving forensic evidence, patching the system, and escalating events are important, they do not have the same direct impact on ensuring that all parties are informed and can respond appropriately to risks.