Isaca CISM Exam - Topic 4 Question 83 Discussion

Actual exam question for Isaca's CISM exam
Question #: 83
Topic #: 4

Which of the following BEST enables the assignment of risk and control ownership?

Suggested Answer: C

Obtaining senior management buy-in is the best way to enable the assignment of risk and control ownership because it helps to establish the authority and accountability of the risk and control owners, as well as to provide them with the necessary resources and support to perform their roles. Risk and control ownership refers to the assignment of specific responsibilities and accountabilities for managing risks and controls to individuals or groups within the organization. Obtaining senior management buy-in helps to ensure that risk and control ownership is aligned with the organizational objectives, structure, and culture, as well as to communicate the expectations and benefits of risk and control ownership to all stakeholders. Therefore, obtaining senior management buy-in is the correct answer.


https://www.protechtgroup.com/en-au/blog/risk-control-management

https://www.mckinsey.com/~/media/mckinsey/dotcom/client_service/risk/working%20papers/23_getting_risk_ownership_right.ashx

https://www.linkedin.com/pulse/risk-controls-who-owns-them-david-tattam

Contribute your Thoughts:

Gennie
3 months ago
D seems too broad for assigning specific risks.
upvoted 0 times
...
Janna
3 months ago
C is crucial, can't overlook management buy-in!
upvoted 0 times
...
Lettie
3 months ago
Surprised that people think A is best!
upvoted 0 times
...
Glenn
4 months ago
I think B is more effective for ownership.
upvoted 0 times
...
Tabetha
4 months ago
A is definitely the way to go!
upvoted 0 times
...
Henriette
4 months ago
Developing an information security strategy sounds important, but I feel like it might be more about implementation than ownership assignment.
upvoted 0 times
...
Desire
4 months ago
I'm a bit confused about the role of senior management buy-in in this context. Does it really help with assigning ownership?
upvoted 0 times
...
Aide
4 months ago
I remember practicing a question similar to this, and I think adopting a risk management framework was emphasized as crucial for clarity in roles.
upvoted 0 times
...
Veronique
5 months ago
I think aligning to an industry-recognized control framework might be the best option, but I'm not entirely sure how it directly relates to ownership.
upvoted 0 times
...
Gwenn
5 months ago
I feel pretty confident that aligning to an industry-recognized control framework is the right answer here. That's the approach I'm going with.
upvoted 0 times
...
Jennifer
5 months ago
Developing an information security strategy seems like it could be relevant, but I'm not sure if it's the BEST approach for assigning risk and control ownership specifically.
upvoted 0 times
...
Leonora
5 months ago
Obtaining senior management buy-in is key for this type of initiative, so I'm leaning towards that as the best answer.
upvoted 0 times
...
Vivan
5 months ago
Hmm, I'm a bit unsure about this one. I'm trying to decide between the control framework and the risk management framework options. I'll need to think it through carefully.
upvoted 0 times
...
Florinda
5 months ago
This one seems pretty straightforward. I think aligning to an industry-recognized control framework is the best way to enable the assignment of risk and control ownership.
upvoted 0 times
...
Emily
5 months ago
Ah, I remember learning about this in class. PAM modules are stored as shared object files in the /lib/ directory hierarchy, so I'll choose option D.
upvoted 0 times
...
Farrah
1 year ago
I agree with Mable, it provides a structured approach to assigning risk and control ownership.
upvoted 0 times
...
Mammie
1 year ago
But obtaining senior management buy-in is also crucial for effective risk management.
upvoted 0 times
...
Corinne
1 year ago
Did someone say 'risk ownership'? That's my middle name! Option A all the way, gotta align with those industry standards, you know?
upvoted 0 times
Sina
1 year ago
Absolutely, it sets a solid foundation for managing risks.
upvoted 0 times
...
Sheron
1 year ago
It's important to have that alignment for effective risk management.
upvoted 0 times
...
Angelyn
1 year ago
Definitely, it helps in assigning clear ownership of risk and control.
upvoted 0 times
...
Alethea
1 year ago
I agree, aligning to an industry-recognized control framework is key.
upvoted 0 times
...
...
Mattie
1 year ago
Ah, the old 'risk ownership' dilemma. I'd go with D - gotta have that information security strategy to know what we're even dealing with!
upvoted 0 times
Jaclyn
1 year ago
D) Developing an information security strategy
upvoted 0 times
...
Renea
1 year ago
C) Obtaining senior management buy-in
upvoted 0 times
...
Earlean
1 year ago
B) Adopting a risk management framework
upvoted 0 times
...
Edelmira
1 year ago
A) Aligning to an industry-recognized control framework
upvoted 0 times
...
...
Aileen
1 year ago
Hmm, I'm torn between B and C. Both seem important, but I'd say C is the most critical step to get the ball rolling.
upvoted 0 times
...
Micah
1 year ago
C is the way to go. Without senior management buy-in, it's gonna be really tough to get the necessary resources and support for risk ownership.
upvoted 0 times
Talia
1 year ago
D) Developing an information security strategy
upvoted 0 times
...
Matthew
1 year ago
C) Obtaining senior management buy-in
upvoted 0 times
...
Jamika
1 year ago
B) Adopting a risk management framework
upvoted 0 times
...
Gerald
1 year ago
A) Aligning to an industry-recognized control framework
upvoted 0 times
...
...
Mable
1 year ago
I think the best way is to align to an industry-recognized control framework.
upvoted 0 times
...
Jerilyn
1 year ago
I think option B is the best choice here. Adopting a risk management framework is crucial for assigning risk and control ownership.
upvoted 0 times
Ligia
1 year ago
I think obtaining senior management buy-in is also important for assigning risk and control ownership.
upvoted 0 times
...
Honey
1 year ago
I agree, adopting a risk management framework is essential for assigning ownership.
upvoted 0 times
...
...