A risk was identified during a risk assessment. The business process owner has chosen to accept the risk because the cost of remediation is greater than the projected cost of a worst-case scenario. What should be the information security manager's NEXT course of action?
A. Determine a lower-cost approach to remediation.
B. Document and schedule a date to revisit the issue.
C. Shut down the business application.
D. Document and escalate to senior management.
A. Determine a lower-cost approach to remediation.
B. Document and schedule a date to revisit the issue.
C. Shut down the business application.
D. Document and escalate to senior management.