CISM Certified Information Security Manager – Question0439

Senior management has decided to accept a significant risk within a security remediation plan. Which of the following is the information security manager's BEST course of action?

A. Remediate the risk and document the rationale.
B. Update the risk register with the risk acceptance.
C. Communicate the remediation plan to the board of directors.
D. Report the risk acceptance to regulatory agencies.

Correct Answer: A