Acceptable levels of information security risk should be determined by:

Acceptable levels of information security risk should be determined by:

Acceptable levels of information security risk should be determined by:

A.
legal counsel.

B.
security management.

C.
external auditors.

D.
die steering committee.

Explanation:

Senior management, represented in the steering committee, has ultimate responsibility for
determining what levels of risk the organization is willing to assume. Legal counsel, the external
auditors and security management are not in a position to make such a decision.

Show Hint

Leave a Reply 1

Your email address will not be published. Required fields are marked *

John

John

Understand that the correct answer here is “steering committee” — but what is a “die steering committee”? I’m thinking this is a type – and should have been just “steering committee” or possibly “the steering committee”.

Reply