“A risk assessment identifies the risk, evaluates its likelihood and impact, and determines risk response strategies. The result is a comprehensive understanding of the current risk environment and the organization’s risk profile.” (CISM Review Manual, 16th Ed., Domain 2)
D - Risk assessments involve a detailed analysis and evaluation of risks, including their likelihood and impact, and often include the results of various risk identification and analysis techniques.
The risk register also contains information on accepted risks. This information helps to define the risk profile. They are not available through a risk assessment.
The most comprehensive information related to an organization's current risk profile is the risk register.
A risk register is a document or database that contains a comprehensive list of identified risks, along with information about their likelihood, potential impact, and mitigations. It provides a centralized source of information about the organization's risks, allowing for a systematic approach to risk management. It helps in understanding the nature and extent of the risks, facilitating effective decision-making and prioritization of risk mitigation strategies.
While other options like gap analysis results, heat maps, and risk assessment results are useful for understanding specific aspects of an organization's risk profile, the risk register offers a more holistic view by capturing and organizing all relevant information about the identified risks.
D. Risk assessment results
The risk assessment results provide the most comprehensive information related to an organization's current risk profile. A risk assessment typically involves a systematic evaluation of potential risks, their likelihood, impact, and any existing controls or mitigation measures. This assessment provides a detailed and holistic view of an organization's risk landscape, including the identification of specific risks, their severity, and the effectiveness of existing control
A risk assessment is a systematic process of identifying, analyzing, and evaluating risks within an organization. It involves assessing the likelihood and impact of risks, considering existing controls and vulnerabilities, and determining the overall risk level. The results of a risk assessment provide a comprehensive understanding of the organization's risk landscape, including the identified risks, their potential impact, likelihood, and prioritization. This information helps inform decision-making, risk mitigation strategies, and the development of appropriate controls.
On the other hand, a risk register is a tool or document that captures and tracks identified risks, along with their characteristics and status. It serves as a repository of risk-related information but may not provide the same level of comprehensive analysis and evaluation as a risk assessment.
Therefore, in terms of providing comprehensive information about an organization's risk profile, the risk assessment results are typically more comprehensive than a risk register.
The risk register, sometimes known as a risk ledger, is the primary business record in most risk management programs. A risk register is a listing of risks that have been identified. Typically, a risk register contains many items, including a description of the risk, the level and type of risk, and information about risk treatment decisions.
Gregory, Peter H. CISM Certified Information Security Manager Bundle (p. 187). McGraw Hill LLC. Kindle Edition.
A comprehensive risk assessment result provides the most comprehensive information related to an organization's current risk profile and is an essential tool for ensuring that the organization is prepared to manage and mitigate risks effectively.