Establishing the level of acceptable risk is the responsibility of:
A . quality assurance management.
B . senior business management.
C . the chief information officer.
D . the chief security officer.
Answer: B
Explanation:
Senior management should establish the acceptable risk level, since they have the ultimate or final responsibility for the effective and efficient operation of the organization. Choices A, C and D should act as advisors to senior management in determining an acceptable risk level.