Which of the following should an information security manager perform FIRST when an organization’s residual risk has increased?
A. Implement security measures to reduce the risk.
B. Communicate the information to senior management.
C. Transfer the risk to third parties.
D. Assess the business impact.
A. Implement security measures to reduce the risk.
B. Communicate the information to senior management.
C. Transfer the risk to third parties.
D. Assess the business impact.