An information security manager is analyzing a risk that is believed to be severe, but lacks numerical evidence to determine the impact the risk could have on the organization.

Posted by: Pdfprep | Category: CISM

In this case the information security manager should:
A. use a qualitative method to assess the risk.
B. use a quantitative method to assess the risk.
C. put it in the priority list in order to gain time to collect more data.
D. ask management to increase staff in order to collect more evidence on severity.

Answer: A
