
Explanation:
The senior management and executives of an organization play a pivotal role in the evaluation and management of cyber risk. This is highlighted in the Basel Committee Report on Cyber Resilience. Just as with other types of risk, senior management is ultimately responsible for promoting and maintaining cyber resilience within the institution. It has the authority and responsibility to streamline and resolve any issues that arise while a solution against cyber risk is being implemented. In the given scenario, the disagreement between the information security manager and the business department manager can be resolved by involving senior management, which can review the report, provide its input, and make the final decision. This approach ensures that the decision is made at the highest level, taking into account the organization's overall strategic objectives and risk appetite.
Choice A is incorrect. While the information security manager's assessment of the risk to the bank is important, it should not be accepted and implemented without considering other perspectives. The information security manager may have a deep understanding of cyber threats and vulnerabilities but may lack a comprehensive view of business operations and strategic objectives.
Choice B is incorrect. Similarly, accepting and implementing the business department manager's decision on the risk to the bank would also be inappropriate. Although this individual understands business operations, they may lack the technical expertise needed to fully assess cyber risks.
Q.4273 Exim Bank has just completed a risk assessment and business impact analysis (BIA) with respect to cyber-attacks and the latest emerging threats and vulnerabilities in cyberspace. However, the bank's information security manager and business department manager do not agree on who will ultimately be responsible for the detailed evaluation of the results and the risk analysis. Which of the following would be the best course of action in these circumstances?
A. Acceptance and implementation of the information security manager's decision on the risk to the bank
B. Acceptance and implementation of the business department manager's decision on the risk to the bank
C. Creation of a new risk assessment and BIA plan to iron out the differences
D. Review the report with senior management for final input