An organization has experienced several incidents of extended network outages that have exceeded tolerance. Which of the following should be the risk practitioner’s FIRST step to address this situation?
A. Recommend a root cause analysis of the incidents
B. Update the risk tolerance level to acceptable thresholds
C. Recommend additional controls to address the risk
D. Update the incident-related risk trend in the risk register
A. Recommend a root cause analysis of the incidents
B. Update the risk tolerance level to acceptable thresholds
C. Recommend additional controls to address the risk
D. Update the incident-related risk trend in the risk register