🔥 3-day streak
ISACA CISM — Certified Information Security Manager72 / 121
Question 72 of 121

During a qualitative risk assessment, an information security manager notices that different business unit leaders rate the same shared risk scenario very differently — one calls the impact 'high' while another calls it 'low' — because each interprets the rating scales based on their own judgment. What should the security manager do FIRST to improve the reliability of the assessment?

Reviewed for accuracy · Report an issueNext question