Which of the following is the BEST approach for determining the overall IT risk appetite of an organization when business units use different methods for managing IT risks?
A.
Average the business units' IT risk levels.
B.
Identify the highest-rated IT risk level among the business units.
C.
Establish a global IT risk scoring criteria.
D.
Prioritize the organization's IT risk scenarios.
Prioritizing risks for IT risk scenarios across the organization allows you to understand which risks have the most impact and how much they affect the strategic risk objectives of the organization. This allows you to effectively prioritize risk management and allocate resources.
Therefore, prioritizing IT risk scenarios across the organization is more appropriate for determining the overall IT risk tolerance of the organization than simply averaging the IT risk levels of each business unit or identifying the highest rating. This allows risk management to be aligned with the strategic risk objectives of the organization.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ziutek_
Highly Voted 1 year, 11 months agomolyneachieng21
Most Recent 2 months, 3 weeks agoSwallows
4 months, 3 weeks ago3008
11 months, 3 weeks ago