Certified Information Security Manager (CISM) — Question 603
To support effective risk decision making, which of the following is MOST important to have in place?
Answer options
- A. An audit committee consisting of mid-level management
- B. Risk reporting procedures
- C. Well-defined and approved controls
- D. Established risk domains
Correct answer: B
Explanation
Risk reporting procedures are essential because they provide the necessary information and insights for informed decision-making regarding risks. While well-defined controls and established risk domains are important, they do not directly facilitate the communication and understanding of risks the way effective reporting procedures do.