The BEST way to decide how to prioritize issues identified in an IT risk and control self-assessment (CSA) is to understand the risk and:
A. number of IT systems affected.
B. impact to the enterprise.
C. funds required for remediation.
D. criticality of IT services affected.
A. number of IT systems affected.
B. impact to the enterprise.
C. funds required for remediation.
D. criticality of IT services affected.