CRISC Certified in Risk and Information Systems Control – Question849

An organization has identified that terminated employee accounts are not disabled or deleted within the time required by corporate policy. Unsure of the reason, the organization has decided to monitor the situation for three months to obtain more information. As a result of this decision, the risk has been:

A.
accepted.
B. transferred.
C. avoided.
D. mitigated.

Correct Answer: A