Certified Information Security Manager (CISM) — Question 500

Which of the following BEST helps to ensure a risk response plan will be developed and executed in a timely manner?

Answer options

• A. Establishing risk metrics
• B. Training on risk management procedures
• C. Reporting on documented deficiencies
• D. Assigning a risk owner

Correct answer: D

Explanation

Designating a risk owner ensures accountability and responsibility for the risk response plan, facilitating timely development and execution. While establishing risk metrics, training, and reporting deficiencies are helpful, they do not directly assign responsibility like a risk owner does.