CRISC Certified in Risk and Information Systems Control – Question432

Which of the following should be the MOST important consideration when determining controls necessary for a highly critical information system?

A.
The number of vulnerabilities to the system
B. The level of acceptable risk to the organization
C. The organization’s available budget
D. The number of threats to the system

Correct Answer: A