A risk management approach to information protection is:
A.
managing risks to an acceptable level, commensurate with goals and objectives.
B.
accepting the security posture provided by commercial security products.
C.
implementing a training program to educate individuals on information protection and risks.
D.
managing risk tools to ensure that they assess all information protection vulnerabilities.
Explanation:
Risk management is identifying all risks within an organization, establishing an acceptable level of
risk and effectively managing risks which may include mitigation or transfer. Accepting the
security- posture provided by commercial security products is an approach that would be limited to
technology components and may not address all business operations of the organization.
Education is a part of the overall risk management process. Tools may be limited to technology
and would not address non-technology risks.