Which of the following tasks would provide a newly appointed information security manager with the BEST view of the organization's existing security posture?
Performing a risk assessment gives a holistic and objective understanding of the threats, vulnerabilities, and controls across the organization. It reveals actual risk exposures and the effectiveness of current controls, which directly reflect the organization’s security posture.
“Risk assessments identify and evaluate risk and provide the basis for determining how those risks should be managed and mitigated.”
According to ISACA’s CISM Practice Question Database, performing a risk assessment is prioritized over reviewing documents or conducting interviews because it offers direct insight into current exposures and control effectiveness.