Which of the following is the MAIN objective of a risk management program? A. Reduce corporate liability for information security incidents. B. Reduce risk to the level of the organization's risk appetite C. Reduce risk to the maximum extent possible D. Reduce costs associated with incident response. Suggested Answer: B This question is in CISM exam For getting Certified Information Security Manager Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by ISACA. The website does not contain actual questions and answers from ISACA's Certification Exams. Trademarks, certification & product names are used for reference only and belong to ISACA.
Please login or Register to submit your answer