New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Isaca CISM Exam - Topic 2 Question 106 Discussion

Actual exam question for Isaca's CISM exam
Question #: 106
Topic #: 2
[All CISM Questions]

Which of the following is MOST appropriate to communicate to senior management regarding information risk?

Show Suggested Answer Hide Answer
Suggested Answer: B

Risk profile changes are the most appropriate to communicate to senior management regarding information risk because they reflect the current level and nature of the risks that the organization faces and how they may affect its objectives and performance. Senior management needs to be aware of any changes in the risk profile so that they can make informed decisions and allocate resources accordingly. Risk profile changes also help senior management monitor the effectiveness of the risk management process and identify any gaps or weaknesses that need to be addressed.

Reference=Communicating Information Security Risk Simply and Effectively, Part 1,CISM Domain 2: Information Risk Management (IRM) [2022 update]


by Ceola at Jan 05, 2026, 05:16 AM

Limited Time Offer

25%

Off

Get Premium CISM Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
My
3 days ago
A) Emerging security technologies could be useful, but B) and C) are more directly relevant to information risk.
upvoted 0 times
...
Gwenn
8 days ago
C) Defined risk appetite is also important for senior management to understand.
upvoted 0 times
...
Lavonda
13 days ago
B) Risk profile changes is the most appropriate to communicate to senior management regarding information risk.
upvoted 0 times
...
Geoffrey
18 days ago
I’m confused about D; while vulnerability scanning progress is important, it seems more tactical than strategic for senior management.
upvoted 0 times
...
Izetta
24 days ago
I feel like emerging security technologies could be relevant, but I don’t think they directly address the current risk situation.
upvoted 0 times
...
Floyd
29 days ago
I remember a practice question that emphasized the importance of defined risk appetite, so I’m leaning towards C.
upvoted 0 times
...
Trina
1 month ago
I think the answer might be B, but I'm not entirely sure if risk profile changes are the most critical to communicate.
upvoted 0 times
...
Nana
1 month ago
Based on what we've covered in class, I believe B is the most appropriate choice. Highlighting changes to the risk profile is a critical part of risk reporting to senior management.
upvoted 0 times
...
Lyndia
1 month ago
I'm a bit confused on this one. I'll need to think it through carefully and consider the nuances of each option before deciding.
upvoted 0 times
...
Lavera
2 months ago
I'm pretty confident that C is the best answer here. Defining the organization's risk appetite is crucial for effectively communicating information risk to senior management.
upvoted 0 times
...
Jacinta
2 months ago
Hmm, this is a tricky one. I'm not entirely sure which option is the most appropriate. I might need to review my notes on risk communication to senior leadership.
upvoted 0 times
...
Carmen
2 months ago
I think the key here is to focus on communicating the most relevant information to senior management. B and C seem like the most appropriate options, as they deal directly with risk management.
upvoted 0 times
...

Save Cancel