The risk subcommittee of a corporate board typically maintains a master register of the

most prominent risks to the company. A centralized holistic view of risk is particularly important to the corporate Chief Information Security Officer (CISO) because:

A. IT systems are maintained in silos to minimize interconnected risks and provide clear

risk boundaries used to implement compensating controls

B. risks introduced by a system in one business unit can affect other business units in ways in which the individual business units have no awareness

C. corporate general counsel requires a single sy

stem boundary to determine overall corporate risk exposure

D. major risks identified by the subcommittee merit the prioritized allocation of scare funding to address cybersecurity concerns