If the inherent risk of a business activity is higher than the acceptable risk level, the information security manager should FIRST: - InfraExam 2022

If the inherent risk of a business activity is higher than the acceptable risk level, the information security manager should FIRST:

Post author:Admin
Post published:December 22, 2021
Post category:Uncategorized
Post comments:0 Comments
Post last modified:December 22, 2021
Reading time:1 mins read

Last Updated on December 22, 2021 by Admin

CISM : Part 1 - 40
CISA : Part 41 - 80

If the inherent risk of a business activity is higher than the acceptable risk level, the information security manager should FIRST:

implement controls to mitigate the risk to an acceptable level.
recommend that management avoids the business activity.
assess the gap between current and acceptable level of risk.
transfer risk to a third party to avoid cost of impact.

CISM : Part 1 - 40
CISA : Part 41 - 80

0 0 votes

Article Rating

Subscribe

0 Comments

Inline Feedbacks

View all comments

0

Would love your thoughts, please comment.x

()