Isaca CISM Exam - Topic 3 Question 62 Discussion

Actual exam question for Isaca's CISM exam
Question #: 62
Topic #: 3

Which of the following is the MOST important factor in an organization's selection of a key risk indicator (KRI)?

Suggested Answer: A

When preventive controls to appropriately mitigate risk are not feasible, the most important action for the information security manager is to manage the impact, which means taking measures to reduce the likelihood or severity of the consequences of the risk. Managing the impact can involve using alternative controls, such as engineering, administrative, or personal protective controls, that can lower the exposure or harm to the organization. The other options, such as identifying unacceptable risk levels, assessing vulnerabilities, or evaluating potential threats, are part of the risk assessment process, but they are not actions to mitigate risk when preventive controls are not feasible. Reference:

https://bcmmetrics.com/risk-mitigation-evaluating-your-controls/

https://www.osha.gov/safety-management/hazard-prevention

https://www.cdc.gov/niosh/topics/hierarchy/default.html


Contribute your Thoughts:

Lillian
3 months ago
Really? I doubt ROI is the most important.
upvoted 0 times
...
Krissy
3 months ago
Wait, target audience? That seems off.
upvoted 0 times
...
Glennis
4 months ago
Criticality of information should be top priority!
upvoted 0 times
...
Peggie
4 months ago
I think compliance requirements are more crucial.
upvoted 0 times
...
Corazon
4 months ago
ROI is definitely a key factor!
upvoted 0 times
...
Harrison
4 months ago
I vaguely recall that the target audience might influence KRI selection, but I can't remember how it fits into the bigger picture.
upvoted 0 times
...
Arlette
4 months ago
I’m torn between ROI and criticality of information. ROI seems important for justifying investments, but I feel like the criticality could outweigh that.
upvoted 0 times
...
Afton
5 months ago
I remember a practice question that emphasized compliance requirements as a key factor. It makes sense since organizations need to adhere to regulations.
upvoted 0 times
...
Sarah
5 months ago
I think the criticality of information might be the most important factor, but I'm not entirely sure. It seems like it could really impact decision-making.
upvoted 0 times
...
Omega
5 months ago
Based on our discussions in class, I believe the compliance requirements would be the most important factor in selecting a KRI.
upvoted 0 times
...
Vilma
5 months ago
I'm a bit confused on the differences between the options. I'll need to re-read the question and consider each factor carefully.
upvoted 0 times
...
Whitley
5 months ago
I've got this! The criticality of the information is definitely the most important factor in choosing a KRI.
upvoted 0 times
...
Denise
5 months ago
Hmm, I'm not sure about this. I'll have to review my notes on KRIs to figure out the most important factor.
upvoted 0 times
...
Earleen
5 months ago
This is a tricky one. I'll need to think carefully about the key factors in selecting a KRI.
upvoted 0 times
...
Markus
5 months ago
Okay, let's see. I know Cisco UCS supports different service profile templates, but I can't quite recall the specific types. I'll have to use my process of elimination here.
upvoted 0 times
...
Jina
5 months ago
Okay, I think I've got this. The key is to configure the View authentication setting on the Horizon View Connection broker to "Not Allowed" and then create a Kerberos authenticator on VMware Identity Manager. That way, users will be forced to authenticate through VMware Identity Manager before they can access the Horizon View desktop. Option C looks like the right choice.
upvoted 0 times
...
Lanie
5 months ago
Hmm, I'm a little confused on this one. I know functional testing is about testing the system's behavior, but I'm not sure if that's the same as black box testing. I'll have to think this through a bit more.
upvoted 0 times
...
Terrilyn
5 months ago
Okay, the key here is that the question is asking about the auditor's responsibility for discovering illegal acts. So I'm going to eliminate the options that don't seem directly related to that.
upvoted 0 times
...
Ardella
9 months ago
Can we get a 'None of the Above' option? I'm feeling more confused than a cat on a hot tin roof here.
upvoted 0 times
...
Leonie
9 months ago
ROI? Really? This isn't a get-rich-quick scheme, it's risk management. I say go with D - criticality of information all the way!
upvoted 0 times
Elmer
8 months ago
ROI is important in the long run, but we can't overlook the criticality of information in risk management.
upvoted 0 times
...
Sherrell
8 months ago
Target audience is important too, we need to focus on what matters most to them.
upvoted 0 times
...
Carey
8 months ago
Target audience can help tailor the KRI to specific needs within the organization.
upvoted 0 times
...
Paola
8 months ago
Compliance requirements should also be considered to ensure the organization is meeting regulations.
upvoted 0 times
...
Ruth
8 months ago
Compliance requirements should also be considered to avoid legal issues.
upvoted 0 times
...
Julio
8 months ago
I agree, criticality of information is key for risk management.
upvoted 0 times
...
Jeniffer
9 months ago
I agree, criticality of information is crucial for selecting key risk indicators.
upvoted 0 times
...
...
Lynelle
10 months ago
Hmm, I'm gonna go with target audience. I mean, what's the point of a KRI if it doesn't resonate with the people who need to use it?
upvoted 0 times
...
Jody
10 months ago
Compliance requirements are a no-brainer. If the KRI doesn't meet regulatory standards, it's pretty much useless, right?
upvoted 0 times
Gracie
9 months ago
Compliance requirements should always be the main focus when choosing a key risk indicator.
upvoted 0 times
...
Shawnta
9 months ago
I agree, compliance is a top priority when selecting a KRI.
upvoted 0 times
...
Elke
9 months ago
Compliance requirements are definitely crucial. Without meeting regulations, the KRI is ineffective.
upvoted 0 times
...
...
Hubert
10 months ago
I think the criticality of information is the most important factor in selecting a KRI. After all, if the information isn't critical, why bother tracking it?
upvoted 0 times
Ciara
8 months ago
Return on investment is always a factor, we need to make sure we are getting value from tracking these KRIs.
upvoted 0 times
...
Kristeen
8 months ago
Target audience is important too, we need to focus on what matters most to them.
upvoted 0 times
...
Coletta
9 months ago
Compliance requirements should also be considered, we need to ensure we are meeting all regulations.
upvoted 0 times
...
Gladys
9 months ago
I agree, the criticality of information is crucial for selecting a KRI.
upvoted 0 times
...
...
Brande
10 months ago
But don't you think the target audience should also be considered?
upvoted 0 times
...
Della
11 months ago
I disagree, I believe the criticality of information is the key factor.
upvoted 0 times
...
Brande
11 months ago
I think compliance requirements are the most important factor.
upvoted 0 times
...
