CISM Certified Information Security Manager – Question0357

The objective of risk management is to reduce risk to the minimum level that is:

A.
compliant with security policies
B. practical given industry and regulatory environments.
C. achievable from technical and financial perspectives.
D. acceptable given the preference of the organization.

Correct Answer: A