Is it just me, or do others also think that the question itself is flawed? An acceptable risk level must be determined by senior management, with the support of the information security manager, for informed decision making. It is something much bigger than talking about a single IT asset or system, as answer option B implies.
B. System criticalities
When determining an acceptable risk level, the most important consideration is the criticality of the systems or assets in question. This means understanding the importance of these systems to the organization's core operations and objectives. The criticality of a system or asset directly impacts the acceptable level of risk because more critical systems typically have lower tolerance for risk.
Josef4CISM (1 week, 3 days ago)
nuel_12 (7 months, 2 weeks ago)
oluchecpoint (1 year, 2 months ago)
Lotanna_ (1 year, 3 months ago)
ddharia94 (1 year, 4 months ago)
richck102 (1 year, 5 months ago)