CISSP – Information Systems Security Management Professional (ISSMP) — Question 28

You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?

Answer options

• A. Risk management plan
• B. Lessons learned documentation
• C. Risk register
• D. Stakeholder management strategy

Correct answer: C

Explanation

The correct answer is C, the Risk register, as it is specifically designed to document all identified risks along with their responses and current status. The Risk management plan outlines how risks will be managed but does not contain specific risk details. Lessons learned documentation focuses on past project experiences and does not track current risks. The Stakeholder management strategy addresses stakeholder engagement, not risk management.