Certified Information Security Manager (CISM) — Question 544

Which of the following is the MOST effective method of determining security priorities?

Answer options

• A. Vulnerability assessment
• B. Gap analysis
• C. Threat assessment
• D. Impact analysis

Correct answer: D

Explanation

The correct answer is D, Impact analysis, as it evaluates the potential consequences of security breaches and helps prioritize risks based on their severity and impact on the organization. While the other options like Vulnerability assessment, Gap analysis, and Threat assessment provide valuable insights, they do not directly focus on the implications of security issues, which is crucial for setting priorities.