Why not C? It could be a standard change to the risk profile but most important change that needs to be communicated is around change in the risk appetite level or change is the risk tolerance or acceptance level?
Senior management would define risk appetite. According to the CISM Manual, Risk appetite is the level of risk that an organization is willing to accept while
in the pursuit of its mission, strategy, and objectives. Risk treatment and risk
acceptance decisions should be assigned to and made by associated business
owners and executives who are accountable for those decisions. The board is responsible for establishing the tone for
risk appetite and risk management in the organization. To the extent that
the board of directors establishes business and IT security, so, too, should
the board consider risk and security in that strategy.
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
yottabyte
10 months, 2 weeks agoddharia94
1 year, 7 months agoEj24356
1 year, 5 months agorichck102
1 year, 8 months ago