Certified Information Security Manager (CISM) — Question 481
An information security manager wants to improve the ability to identify changes in risk levels affecting the organization's systems. Which of the following is the BEST method to achieve this objective?
Answer options
- A. Performing business impact analyses (BIA)
- B. Monitoring key goal indicators (KGIs)
- C. Monitoring key risk indicators (KRIs)
- D. Updating the risk register
Correct answer: C
Explanation
The best method to identify changes in risk levels is monitoring key risk indicators (KRIs), because KRIs are metrics selected specifically to signal when the organization's risk exposure is changing, often before the risk materializes. A business impact analysis (BIA) measures the consequences of disruption rather than tracking how risk changes, key goal indicators (KGIs) measure progress toward objectives rather than risk, and updating the risk register records risk changes after they are recognized, which makes it a reactive measure rather than a proactive monitoring approach.