Exam CRISC topic 1 question 1100 discussion

Recent security incidents would be MOST relevant to include in quarterly briefings for executive management focused on increasing risk awareness, as it makes the concept of risk tangible and highlights real-world impacts.

While the risk register is an essential component of risk management, it might contain detailed technical information that could overwhelm executive management. ncluding risk management best practices in the briefing is highly relevant. These practices provide guidance on how to effectively manage risks, aligning with the goal of increasing risk awareness. They help executives understand the organization's strategic approach to risk management.

A risk register will list the current risks within the organisation and its treatment plan. How it increases awareness? Most likely the management already know about this since some of them have signed off on those.. The MOST relevant to awareness is the recent incidents to my mind.

Agree with A.

I would go with A. Its more comprehensive than just specific security incidents. Plus the incidents are already incorporated in the RR.

Including recent security incidents in the quarterly briefings for executive management with a focus on increasing risk awareness is highly relevant. Sharing information about security incidents can help to demonstrate the potential consequences of inadequate risk management, highlight vulnerabilities in the organization's security posture, and inform executive management of emerging risks that may require their attention.

Yes, i prefer to go with risk register.

The risk register will give the board risk awareness