After assessing and mitigating the risks of a web application, who should decide on the
acceptance of residual application risks?
A.
Information security officer
B.
Chief information officer (CIO)
C.
Business owner
D.
Chief executive officer (CF.O)
Explanation:
The business owner of the application needs to understand and accept the residual application
risks.