Capability maturity models are the models that are used by the enterprise to rate itself in terms of
the least mature level to the most mature level. Which of the following capability maturity levels
shows that the enterprise does not recognize the need to consider the risk management or the
business impact from IT risk?
A.
Level 2
B.
Level 0
C.
Level 3
D.
Level 1
Explanation:
0 nonexistent: An enterprise’s risk management capability maturity level is 0 when:
The enterprise does not recognize the need to consider the risk management or the business
impact from IT risk.
Decisions involving risk lack credible information.
Awareness of external requirements for risk management and integration with enterprise risk
management (ERM) do not exists.
this enterprise is mature enough to recognize the importance of risk management.