In risk assessment, after the identification of threats to organizational assets, the information security manager would:
A. evaluate the controls currently in place.
B. implement controls to achieve target risk levels.
C. request funding for the security program.
D. determine threats to be reported to upper management.
A. evaluate the controls currently in place.
B. implement controls to achieve target risk levels.
C. request funding for the security program.
D. determine threats to be reported to upper management.