Question: Exceptions to a security policy should be approved based PRIMARILY on: A. risk appetite B. the external threat probability. C. results of a business impact

Exceptions to a security policy should be approved based PRIMARILY on:

A. risk appetite

B. the external threat probability.

C. results of a business impact analysis (BIA).

D. the number of security incidents.

Correct Answer: A????? or C???????

______________________

Note

The official answer (could be incorrect because NO comes from ISACA!) is: "C. results of a business impact analysis (BIA)".

Other experts claim that the correct answer is: "A. risk appetite".

Your expert opinion (and explanation) is strongly requested. Many thanks in advance.

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

Impact analysis report Case scenario Task is below the case scenario You are an ICT technician. As part of your job role you are required to back up system, restore information, secure the system and...

Q:

need detailed answers for the each question Security program development is PRIMARILY driven by which of the following? A. Regulatory requirements B. Business strategy C. Risk appetite D. Available...

Q:

need detailed answer for each question: Following a successful attack, an information security manager should be confident the malware has not continued to spread at the completion of which incident...

Q:

1 WILMINGTON UNIVERSITY LIBRARY Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) 2 WILMU LIBRARY SERVICES 20,000 student population served 13 physical locations of access to university...

Q:

Business impact analysis The UCSF Business Impact Analysis (BIA) process identifies and evaluates the potential effects (financial, life/safety, regulatory, legal/contractual, reputational and so...

Q:

need a detailed answer for each question Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals? A....

Q:

need detailed answer to each question Which of the following is the MOST important input to the development of an effective information security strategy? A. Well-defined security policies and...

Q:

Which of the following is the best description of the Business Impact Assessment? Top of Form Identifies and prioritizes business processes based on criticality Prioritizes IT processes and provides...

Q:

SUBDOMAINS: 325.3 SOLVING PROBLEMS & MAKING DECISIONS 326.3 EVALUATING ECONOMICS OF MANAGEMENT DECISIONS 326.4 MANAGING ENTERPRISE RISK & CONTINUITY 329.5 USING INFORMATION SYSTEMS FOR COMPETITIVE...

Q:

need detailed answer for each question Which of the following is an information security manager's MOST important action to mitigate the risk associated with malicious software? A. Disabling end-user...

Q:

You design a Carrot engine that operates between temperatures of 500 K and 400 K and produces 2000 J of work in each cycle. (a) Calculate your engine's efficiency. (b) Calculate the amount of beat...

Q:

A company that produces universal remote controls wanted to determine the number of remote control devices American homes contain. The company hired a statistician to survey 240 randomly selected...

Q:

IN YEAR 1 , A COMPANY RECEIVES ACSH FOR A SERVICE TO BE PERformed in year 2 . The impact on year 2 financial statements is a decrease in deferred revenue and an increase in service revenue true or...

Q:

17500 js nkt correct for the semiannual interest rate and i dont know what im doinh wrong 1 1. Calculate the price of a bond using the Excel PV function ? BB: FILE HOME 10 points X Bond Pricing -...

Q:

KEY QUESTION Use a demand and supply model to explain the impact of occupational segregation or crowding on the relative wage rates and earnings of men and women. Who gains and who loses from the...

Q:

Current affirmative action programs are based on the belief that to overcome discrimination, we must practice discrimination. That perverse logic has created a system that undermines the fundamental...

Q:

KEY QUESTION Assume that Al, Beth, Carol, David, and Ed receive incomes of $500, $250, $125, $75, and $50, respectively. Construct and interpret a Lorenz curve for this five-person economy. What...