A risk has been formally accepted and documented. Which of the following is the MOST important action for an information security manager?

  • A. Update risk tolerance levels.
  • B. Notify senior management and the board.
  • C. Monitor the environment for changes.
  • D. Re-evaluate the organization?€™s risk appetite.

My opinion: Since the risk is “formally accepted and documented” – which means the risk assessment is completely done, hence A and B is no longer valid, but leave me with C and D. I have tendency to choose C (since nothing else an IS manager can do at this juncture) but some portal answered it is D. I need help to understand why D can be a valid choice and what is the expert answer?

"Looking for a Similar Assignment? Get Expert Help at an Amazing Discount!"
Looking for a Similar Assignment? Our Experts can help. Use the coupon code SAVE30 to get your first order at 30% off!