Certified Information Security Manager (CISM) — Question 542

When determining an acceptable risk level, which of the following is the MOST important consideration?

Answer options

Correct answer: B

Explanation

The most important consideration when determining an acceptable risk level is system criticalities, as they identify how vital a system is to the organization. Vulnerability scores, risk matrices, and threat profiles are also important, but they do not provide the same level of insight into the impact of risks on critical systems.