In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOST important for the information security manager to ensure:
In an organization with a rapidly changing environment, it is crucial for the information security manager to ensure that the rationale for the accepted information security risk is periodically reviewed. This ensures that any changes in the environment or business context that may affect the level of risk are considered and reassessed. Documenting change activities and ensuring compliance with the risk acceptance framework, while important, do not directly address the dynamic nature of risk in a rapidly changing environment. Similarly, while aligning the acceptance with business strategy is important, it is the periodic review that ensures ongoing alignment and appropriateness of the risk acceptance in light of new developments.
Correct answer is C: because of the rapidly changing environment, the risk should be reassessed periodically, and the approval also needs to be revisited periodically.
D is the right answer since we need to ascertain why the risk was accepted and whether it is as per the needs of the business.
C. the rationale for acceptance is periodically reviewed.