CISM Certified Information Security Manager – Question0407

Risk acceptance is a component of which of the following?

A.
Assessment
B. Mitigation
C. Evaluation
D. Monitoring

Correct Answer: B

Explanation:

Explanation: Risk acceptance is one of the alternatives to be considered in the risk mitigation process. Assessment and evaluation are components of the risk analysis process. Risk acceptance is not a component of monitoring.