Exceptions to a security policy should be approved based PRIMARILY on:
A. risk appetite.
B. the external threat probability.
C. results of a business impact analysis (BIA).
D. the number of security incidents.
A. risk appetite.
B. the external threat probability.
C. results of a business impact analysis (BIA).
D. the number of security incidents.