Objective of Risk Management in CISM Exam: Minimizing Risk Level |

A.

The objective of risk management is to reduce risk to the minimum level that is practical given industry and regulatory environments. This means that the goal of risk management is not to eliminate all risk but to mitigate it to a level that is acceptable within the context of the organization's specific industry and regulatory requirements.

Option A, "compliant with security policies," is not a complete answer because compliance with security policies is only one aspect of risk management. Risk management involves a broader approach that includes assessing, mitigating, and monitoring risks, and ensuring that the organization's security policies align with the organization's risk management strategy.

Option C, "achievable from technical and financial perspectives," is also not a complete answer because risk management is not just about what is achievable from a technical and financial perspective, but also what is practical given the industry and regulatory environment.

Option D, "acceptable given the preference of the organization," is not a complete answer because risk management is not solely about the preferences of the organization, but about managing risks in a way that aligns with industry and regulatory requirements and best practices.

Therefore, option B is the correct answer as it highlights that risk management should strike a balance between reducing risk to a practical minimum level given the specific industry and regulatory environments in which the organization operates.