Certified Information Security Manager (CISM) — Question 52

Which of the following would BEST enable effective decision-making?

Answer options

• A. Annualized loss estimates determined from past security events
• B. A universally applied list of generic threats, impacts, and vulnerabilities
• C. A consistent process to analyze new and historical information risk
• D. Formalized acceptance of risk analysis by business management

Correct answer: C

Explanation

Option C is correct because having a consistent process for analyzing both new and historical information risk allows for informed decision-making based on comprehensive data. The other options, while useful, do not provide the same level of systematic analysis and ongoing evaluation needed for effective decision-making.