Certified Information Security Manager (CISM) — Question 88
Which of the following is the MOST relevant information to include in an information security risk report to facilitate senior management's understanding of impact to the organization?
Answer options
- A. Detailed assessment of the security risk profile
- B. Risks inherent in new security technologies
- C. Findings from recent penetration testing
- D. Status of identified key security risks
Correct answer: D
Explanation
The correct answer is D because the status of identified key security risks gives senior management a clear understanding of the most significant security risks currently affecting the organization. Options A, B, and C, while important, delve into details that may not directly convey the immediate impact on the organization, which is what senior management needs to prioritize.