Certified Information Security Manager (CISM) — Question 450
An information security manager's PRIMARY objective for presenting key risks to the board of directors is to:
Answer options
- A. ensure appropriate information security governance.
- B. quantify reputational risks.
- C. meet information security compliance requirements.
- D. re-evaluate the risk appetite.
Correct answer: A
Explanation
The primary goal of presenting key risks to the board is to ensure appropriate information security governance, as this helps align security initiatives with business objectives. The other options, while important, do not focus on the overarching need for governance, which is essential for effective risk management and decision-making at the board level.