Certified Information Security Manager (CISM) — Question 58

The PRIMARY objective of a risk response strategy should be:

Answer options

• A. threat reduction.
• B. senior management buy-in.
• C. appropriate control selection.
• D. regulatory compliance.

Correct answer: C

Explanation

The correct answer is C because selecting appropriate controls is essential for effectively managing risks. While threat reduction, senior management buy-in, and regulatory compliance are important, they serve as supporting elements rather than the primary focus of a risk response strategy.