CISM Certified Information Security Manager – Question0361

An organization’s marketing department wants to use an online collaboration service which is not in compliance with the information security policy. A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:

A.
the information security manager
B. business senior management
C. the chief risk officer
D. the compliance officer.

Correct Answer: D