An information security manager's PRIMARY objective for presenting key risks to the board of directors is to:
Click on the arrows to vote for the correct answer
A. B. C. D.D.
The primary objective of presenting key risks to the board of directors by the information security manager is to ensure appropriate information security governance. Information security governance refers to the processes, policies, and procedures used by organizations to manage and protect their information assets.
Presenting key risks to the board of directors helps ensure that the organization's information security strategy is aligned with its overall business objectives, and that the board of directors is aware of the risks and the potential impact they can have on the organization. This enables the board of directors to make informed decisions about the allocation of resources to manage those risks effectively.
Re-evaluating the risk appetite is not the primary objective of presenting key risks to the board of directors. While presenting key risks can inform discussions about risk appetite, the primary objective is to ensure appropriate information security governance.
Quantifying reputational risks is also not the primary objective of presenting key risks to the board of directors. While reputational risks may be an important consideration, the primary objective is to ensure appropriate information security governance.
Meeting information security compliance requirements is also not the primary objective of presenting key risks to the board of directors. While compliance is important, the primary objective is to ensure appropriate information security governance, which encompasses more than just compliance.