CISM - Information Security Risk Management - Section 2.6

Monitor and report on information security risk, including non-compliance and changes in the risk profile, to key stakeholders.

Monitor the organisation's risk profile using key risk indicators (KRIs) and report changes in risk posture, non-compliance events, and emerging exposures to key stakeholders. Each KRI needs a defined threshold tied to the organisation's risk appetite, so that a breach is an objective, reportable event rather than a judgement call. Tailor the content and format of risk reporting to the audience, distinguishing between the operational-level detail needed by control owners and the summary view appropriate for executive and board communication.

Topics: Risk reporting, KRIs, Risk appetite, Stakeholder communication


Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.