Certified Information Security Manager (CISM) — Question 416

Which of the following is the MOST important detail to capture in an organization's risk register?

Answer options

• A. Risk acceptance criteria
• B. Risk severity level
• C. Risk ownership
• D. Risk appetite

Correct answer: C

Explanation

Risk ownership is crucial because it designates who is responsible for managing each risk, ensuring accountability within the organization. While risk acceptance criteria, severity level, and appetite are all important, they do not assign responsibility for mitigation, which is essential for effective risk management.