The risk subcommittee of a corporate board typically maintains a master register of the most
prominent risks to the company. a centralized holistic view of risk is particularly important to the
corporate chief information security officer (ciso) because:
a. it systems are maintained in silos to minimize interconnected risks and provide clear risk
boundaries used to implement compensating controls
b. risks introduced by a system in one business unit can affect other business units in ways in which the individual business units have no awareness
c. corporate general counsel requires a single system boundary to determine overall corporate risk exposure
d. major risks identified by the subcommittee merit the prioritized allocation of scare funding to
address cybersecurity concerns