CISM Certified Information Security Manager – Question 1482

The department head of application development has decided to accept the risks identified in a recent assessment. No recommendations will be implemented, even though the recommendations are required by regulatory oversight. What should the information security manager do NEXT?

A. Formally document the decision.
B. Review the risk monitoring plan.
C. Perform a risk reassessment.
D. Implement the recommendations.

Correct Answer: A