ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISM All Questions

View all questions & answers for the CISM exam
Go to Exam

Exam CISM topic 1 question 676 discussion

Actual exam question from Isaca's CISM
Question #: 676
Topic #: 1
[All CISM Questions]

An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the HIGHEST priority?

  • A. Identification of risk
  • B. Selection of risk treatment options
  • C. Analysis of control gaps
  • D. Design of key risk indicators (KRIs)
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by aokisan at Dec. 24, 2022, 6:18 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
MyKasala
Highly Voted 2 years, 4 months ago
Selected Answer: A
A is correct
upvoted 6 times
...
03allen
Most Recent 11 months ago
Selected Answer: A
controls are based on the risks.
upvoted 1 times
...
xcjxcj
1 year, 2 months ago
Selected Answer: C
C is most important. A is first, C is prioritized. You cannot prioritise appetizers over main course.
upvoted 1 times
...
Marcelus1714
1 year, 3 months ago
Selected Answer: A
come on! HIGHEST priority is to identify the risks! then you can do your gap analysis...
upvoted 2 times
...
oluchecpoint
1 year, 8 months ago
Selected Answer: C
This is the highest priority because it involves evaluating the existing controls and processes in place to mitigate risks associated with digital transformation. By assessing control gaps, you can determine where vulnerabilities or weaknesses exist, which is critical for making informed decisions about risk treatment options (Option B) and designing effective KRIs (Option D).
upvoted 2 times
...
wickhaarry
1 year, 10 months ago
HIGHEST priority? C
upvoted 1 times
...
richck102
1 year, 10 months ago
A. Identification of risk
upvoted 1 times
...
Rowlandmarc
1 year, 10 months ago
Selected Answer: C
at first, evaluate gap.
upvoted 1 times
...
aokisan
2 years, 5 months ago
Selected Answer: C
at first, evaluate gap.
upvoted 1 times
Michi23
2 years, 4 months ago
How do you know about existing risk when you dont identify them? After Identification you can evaluate the gap.
upvoted 9 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel