The decision as to whether a risk has been reduced to an acceptable level should be determined by:

Posted by: Pdfprep Category: CISM Tags: , ,

The decision as to whether a risk has been reduced to an acceptable level should be determined by:
A . organizational requirements.
B . information systems requirements.
C . information security requirements.
D . international standards.

Answer: A

Explanation:

Organizational requirements should determine when a risk has been reduced to an acceptable level. Information systems and information security should not make the ultimate determination. Since each organization is unique, international standards of best practice do not represent the best solution.

Leave a Reply

Your email address will not be published.