Certified Information Security Manager (CISM) — Question 61
Which of the following provides the MOST comprehensive information related to an organization's current risk profile?
Answer options
- A. Gap analysis results
- B. Risk register
- C. Heat map
- D. Risk assessment results
Correct answer: B
Explanation
The risk register contains a detailed inventory of identified risks, their severity, and the organization's response strategies, making it the most comprehensive source of information. In contrast, gap analysis results focus on discrepancies between current and desired states, heat maps visualize risks but do not provide in-depth details, and risk assessment results summarize findings rather than cataloging all risks thoroughly.