A risk assessment and business impact analysis (BIA) have been completed for a major proposed
purchase and new process for an organization. There is disagreement between the information
security manager and the business department manager who will own the process regarding the
results and the assigned risk. Which of the following would be the BES T approach of the
information security manager?
A.
Acceptance of the business manager’s decision on the risk to the corporation
B.
Acceptance of the information security manager’s decision on the risk to the corporation
C.
Review of the assessment with executive management for final input
D.
A new risk assessment and BIA are needed to resolve the disagreement
Explanation:
Executive management must be supportive of the process and fully understand and agree with the
results since risk management decisions can often have a large financial impact and require major
changes. Risk management means different things to different people, depending upon their role
in the organization, so the input of executive management is important to the process.