Exam CISM topic 1 question 879 discussion

Actual exam question from Isaca's CISM
Question #: 879
Topic #: 1
Which of the following would BEST guide the development and maintenance of an information security program?

  • A. A business impact assessment
  • B. The organization's risk appetite
  • C. A comprehensive risk register
  • D. An established risk assessment process
Suggested Answer: B

Comments

oluchecpoint
1 week, 5 days ago
Selected Answer: D
D. An established risk assessment process
upvoted 1 times
yottabyte
1 month, 2 weeks ago
Selected Answer: B
The organization's risk appetite will dictate how stringent the approach to risk assessments is. So B is more important than D here.
upvoted 1 times
AlexJacobson
3 months, 1 week ago
Selected Answer: D
IMO, risk assessment is needed for an objective view of things. Risk appetite is too broad to guide development AND maintenance. It may serve as a starting point, but you need measurable, relevant and repeatable processes to be consistent. Also, an infosec program deals with security controls. How would you select the appropriate controls by just looking at risk appetite and no risk assessment?
upvoted 2 times
killainc
4 months ago
Selected Answer: B
To guide the development and maintenance of an information security program, it is important to have a comprehensive understanding of the organization's risk appetite. This will help in identifying the level of risk that the organization is willing to accept and the level of security that is required to protect the organization's assets.
upvoted 2 times
FenixOid
5 months ago
Selected Answer: B
Agree with Soleandheel1.
upvoted 1 times
Soleandheel
5 months, 2 weeks ago
B. The organization's risk appetite
upvoted 1 times
Soleandheel
5 months, 2 weeks ago
When you're still in the development stage of your information security program, the risk appetite is the driver. A well-established risk assessment typically comes into play after the program is already up. Risk appetite represents the organization's willingness to accept and tolerate risk, and it sets the overarching parameters for how the organization should approach information security. It helps determine the appropriate level of security controls, risk mitigation measures, and resource allocation needed to align with the organization's strategic goals and risk tolerance.
upvoted 1 times
koala_lay
6 months, 3 weeks ago
Selected Answer: D
The best option would be D. An established risk assessment process. An established risk assessment process helps identify and prioritize potential risks to the organization's information security. It involves evaluating the likelihood and potential impact of each risk, and developing strategies and controls to mitigate them. This process should be conducted on a regular basis to ensure that the information security program remains effective and up to date.
upvoted 2 times
richck102
7 months, 1 week ago
Selected Answer: D
D. An established risk assessment process
upvoted 1 times