Several significant risks have been identified after a centralized risk register was compiled and prioritized. The information security manager’s most important action is to:
A. provide senior management with risk treatment options.
B. design and implement controls to reduce the risk.
C. consult external third parties on how to treat the risk.
D. ensure that employees are aware of the risk.
A. provide senior management with risk treatment options.
B. design and implement controls to reduce the risk.
C. consult external third parties on how to treat the risk.
D. ensure that employees are aware of the risk.