Certified Information Security Manager (CISM) — Question 584

An information security manager has identified that security risks are not being treated in a timely manner. Which of the following is the BEST way to address this situation?

Answer options

• A. Assign a risk owner to each risk.
• B. Create mitigating controls to manage the risks.
• C. Provide regular updates about the current state of the risks.
• D. Re-perform risk analysis at regular intervals.

Correct answer: A

Explanation

Assigning a risk owner to each risk ensures accountability and encourages timely action on risk management. While creating mitigating controls, providing updates, and re-performing risk analysis are all important, they do not directly resolve the issue of accountability and ownership that is crucial for timely risk treatment.