🔥 3-day streak
ISACA CISM — Certified Information Security Manager52 / 121
Question 52 of 121
During a risk assessment for a new customer-facing payment portal, a business unit leader argues that the risk should be rated as 'low' because the organization already has strong web application firewalls, encryption, and multifactor authentication in place. The information security manager wants the assessment to first establish an accurate baseline before comparing it against these safeguards. Which risk value should the information security manager insist on documenting first?
Reviewed for accuracy · Report an issueNext question