During an IT department reorganization, the manager of a risk mitigation action plan was replaced. The new manager has begun implementing a new control after identifying a more effective option. Which of the following is the risk practitioner's BEST course of action?
Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a vulnerability management process?
What is the GREATEST concern with maintaining decentralized risk registers instead of a consolidated risk register?
Which of the following should be the MOST important consideration for senior management when developing a risk response strategy?
An organization has implemented a preventive control to lock user accounts after three unsuccessful login attempts. This practice has been proven to be unproductive, and a change in the control threshold value has been recommended. Who should authorize changing this threshold?
