During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
A. Recommend the formation of an executive risk council to oversee IT risk
B. Provide an estimate of IT system downtime if IT risk materializes
C. Describe IT risk scenarios in terms of business risk
D. Educate business executives on IT risk concepts
A. Recommend the formation of an executive risk council to oversee IT risk
B. Provide an estimate of IT system downtime if IT risk materializes
C. Describe IT risk scenarios in terms of business risk
D. Educate business executives on IT risk concepts