If the inherent risk of a business activity is higher than the acceptable risk level, the information security manager should FIRST:

  • Post author:
  • Post category:Uncategorized
  • Post comments:0 Comments
  • Post last modified:December 22, 2021
  • Reading time:1 mins read

Last Updated on December 22, 2021 by Admin

If the inherent risk of a business activity is higher than the acceptable risk level, the information security manager should FIRST:

  • implement controls to mitigate the risk to an acceptable level.
  • recommend that management avoids the business activity.
  • assess the gap between current and acceptable level of risk.
  • transfer risk to a third party to avoid cost of impact.
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments