Certified Information Security Manager (CISM) — Question 98

Which of the following should be the MOST important consideration when prioritizing risk remediation?

Answer options

• A. Evaluation of risk
• B. Duration of exposure
• C. Comparison to risk appetite
• D. Impact of compliance

Correct answer: C

Explanation

The correct answer is C because aligning risk remediation priorities with the organization's risk appetite ensures that the actions taken are acceptable within the company's level of risk tolerance. While evaluation of risk, duration of exposure, and compliance impact are important factors, they do not directly address whether the risks being remediated are in line with the business's overall risk strategy.