Certified Information Security Manager (CISM) — Question 790

Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?

Answer options

• A. Compliance status is improved.
• B. Threat management is enhanced.
• C. Security metrics are enhanced.
• D. Proactive risk management is facilitated.

Correct answer: D

Explanation

The correct answer, D, highlights that a vulnerability assessment allows organizations to identify and address potential risks before they become serious issues. While options A, B, and C may improve as a result of better risk management, they are secondary benefits compared to the primary goal of proactively managing risks.