Certified Information Security Manager (CISM) — Question 606

Which of the following would provide the MOST value to senior management when presenting the results of a risk assessment?

Answer options

• A. Mapping the risks to existing controls
• B. Illustrating risk on a heat map
• C. Providing a technical risk assessment report
• D. Mapping the risks to the security classification scheme

Correct answer: B

Explanation

Option B is the correct answer because a heat map visually represents risk levels, making it easier for senior management to grasp the overall risk landscape at a glance. The other options, while useful, either provide too much technical detail (C) or are less effective in conveying the urgency and impact of risks (A and D).