Certified Information Security Manager (CISM) — Question 572
Which of the following is MOST important to include in an information security status report to senior management?
Answer options
- A. Review of information security policies
- B. List of recent security events
- C. Key risk indicators (KRIs)
- D. Information security budget requests
Correct answer: C
Explanation
Key risk indicators (KRIs) are essential for management to understand the potential threats and vulnerabilities that could impact the organization. While policy reviews, lists of recent security events, and budget requests are important, they do not provide the same level of insight into the organization's risk exposure as KRIs do.