CISM Certified Information Security Manager – Question1285

Which of the following would be of GREATEST assistance in determining whether to accept residual risk of a critical security system?

A.
Maximum tolerable outage (MTO)
B. Cost-benefit analysis of mitigating controls
C. Annual loss expectancy (ALE)
D. Approved annual budget

Correct Answer: B