Which of the following is not a characteristic of a company with a security governance program in place?
Which of the following official risk methodologies was not created for the purpose of analyzing security risks?