Certified Information Security Manager (CISM) — Question 36

Which of the following is MOST relevant for an information security manager to communicate to the board of directors?

Answer options

• A. The level of exposure
• B. Vulnerability assessments
• C. The level of inherent risk
• D. Threat assessments

Correct answer: A

Explanation

The level of exposure is critical for the board as it directly impacts business decisions and risk management strategies. While vulnerability assessments, inherent risk, and threat assessments are important, they are more technical details that might not be as relevant for high-level strategic discussions with the board.