CISM Certified Information Security Manager – Question0990

A risk has been formally accepted and documented. Which of the following is the MOST important action for an information security manager?

A.
Update risk tolerance levels.
B. Notify senior management and the board.
C. Monitor the environment for changes.
D. Re-evaluate the organization’s risk appetite.

Correct Answer: D