Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Isaca CISM Exam - Topic 2 Question 106 Discussion

Actual exam question for Isaca's CISM exam
Question #: 106
Topic #: 2
[All CISM Questions]

Which of the following is MOST appropriate to communicate to senior management regarding information risk?

Show Suggested Answer Hide Answer
Suggested Answer: B

Risk profile changes are the most appropriate to communicate to senior management regarding information risk because they reflect the current level and nature of the risks that the organization faces and how they may affect its objectives and performance. Senior management needs to be aware of any changes in the risk profile so that they can make informed decisions and allocate resources accordingly. Risk profile changes also help senior management monitor the effectiveness of the risk management process and identify any gaps or weaknesses that need to be addressed.

Reference=Communicating Information Security Risk Simply and Effectively, Part 1,CISM Domain 2: Information Risk Management (IRM) [2022 update]


by Ceola at Jan 05, 2026, 05:16 AM

Limited Time Offer

25%

Off

Get Premium CISM Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Caprice
1 day ago
Agreed with B! We need to keep management in the loop.
upvoted 0 times
...
Goldie
6 days ago
Wait, are we really discussing emerging tech over actual risks?
upvoted 0 times
...
Jaime
11 days ago
I think C) Defined risk appetite is more important.
upvoted 0 times
...
Benedict
17 days ago
Definitely B) Risk profile changes. That's crucial info!
upvoted 0 times
...
Eun
22 days ago
I'd like to see the senior management's risk appetite - maybe they're adrenaline junkies who want us to hack the mainframe for fun!
upvoted 0 times
...
Tambra
27 days ago
D) Vulnerability scanning progress is good to report, but it doesn't address the overall risk picture like B) and C) do.
upvoted 0 times
...
My
2 months ago
A) Emerging security technologies could be useful, but B) and C) are more directly relevant to information risk.
upvoted 0 times
...
Gwenn
2 months ago
C) Defined risk appetite is also important for senior management to understand.
upvoted 0 times
...
Lavonda
2 months ago
B) Risk profile changes is the most appropriate to communicate to senior management regarding information risk.
upvoted 0 times
...
Geoffrey
2 months ago
I’m confused about D; while vulnerability scanning progress is important, it seems more tactical than strategic for senior management.
upvoted 0 times
...
Izetta
2 months ago
I feel like emerging security technologies could be relevant, but I don’t think they directly address the current risk situation.
upvoted 0 times
...
Floyd
2 months ago
I remember a practice question that emphasized the importance of defined risk appetite, so I’m leaning towards C.
upvoted 0 times
...
Trina
3 months ago
I think the answer might be B, but I'm not entirely sure if risk profile changes are the most critical to communicate.
upvoted 0 times
...
Nana
3 months ago
Based on what we've covered in class, I believe B is the most appropriate choice. Highlighting changes to the risk profile is a critical part of risk reporting to senior management.
upvoted 0 times
...
Lyndia
3 months ago
I'm a bit confused on this one. I'll need to think it through carefully and consider the nuances of each option before deciding.
upvoted 0 times
...
Lavera
3 months ago
I'm pretty confident that C is the best answer here. Defining the organization's risk appetite is crucial for effectively communicating information risk to senior management.
upvoted 0 times
...
Jacinta
3 months ago
Hmm, this is a tricky one. I'm not entirely sure which option is the most appropriate. I might need to review my notes on risk communication to senior leadership.
upvoted 0 times
...
Carmen
3 months ago
I think the key here is to focus on communicating the most relevant information to senior management. B and C seem like the most appropriate options, as they deal directly with risk management.
upvoted 0 times
...

Save Cancel