Before final acceptance of residual risk, what is the BEST way for an information security manager to address risk factors determined to be lower than acceptable risk levels?
A . Implement more stringent countermeasures.
B . Evaluate whether an excessive level of control is being applied.
C . Ask senior management to increase the acceptable risk levels
D . Ask senior management to lower the acceptable risk levels.
Answer: B
Latest CISM Dumps Valid Version with 1327 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund