Certified Information Security Manager (CISM) — Question 554

Which of the following is MOST appropriate to communicate to senior management regarding information risk?

Answer options

• A. Risk profile changes
• B. Vulnerability scanning progress
• C. Defined risk appetite
• D. Emerging security technologies

Correct answer: A

Explanation

The correct answer is A, as changes in the risk profile provide senior management with an overview of the organization's current risk landscape and necessary adjustments. Options B, C, and D, while relevant, do not address the overarching changes in risk that are crucial for senior management's strategic decisions.