Exam CISM topic 1 question 297 discussion

A. The risk register: A risk register documents and assesses the various risks associated with a system. It helps organizations identify and prioritize risks based on their potential impact and likelihood. Prioritizing controls based on the identified risks is a common and effective approach to security and risk management.

A. The risk register: A risk register documents and assesses the various risks associated with a system. It helps organizations identify and prioritize risks based on their potential impact and likelihood. Prioritizing controls based on the identified risks is a common and effective approach to security and risk management.

A. The risk register

A risk register is a document or tool used to identify, assess, and prioritize risks in a project or organization. It typically includes information on the likelihood and potential impact of each risk, as well as any mitigation strategies that have been developed. The risk register helps organizations proactively manage risks and minimize their impact.

A. The risk register would provide the MOST useful information when prioritizing controls to be added to a system. A risk register is a document that identifies, assesses, and prioritizes potential risks to an organization's assets, and it can be used to inform the development of security controls. The other options (B, C, and D) can provide useful information as well, but a risk register would be the most direct and informative way to identify and prioritize specific controls that need to be added to a system in order to mitigate identified risks.