Certified Information Security Manager (CISM) — Question 556

Which of the following is MOST appropriate to add to a dashboard for the purpose of illustrating an organization's risk level to senior management?

Answer options

• A. Results of risk and control testing
• B. Number of reported incidents
• C. Budget variance for information security
• D. Risk heat map

Correct answer: D

Explanation

The correct answer is D, as a risk heat map visually represents the level of risk in a clear and concise manner, making it easy for senior management to understand. Options A and B, while informative, do not provide an overall visual representation of risk levels. Option C is focused on financial aspects rather than risk assessment.