🔥 3-day streak
CompTIA SecurityX (CAS-005)79 / 120
Question 79 of 120
A financial services firm's board has formally set the enterprise risk appetite statement at a maximum of $2 million in annual aggregate operational-security losses. The CISO defines a risk tolerance of ±10% around individual control thresholds to allow operational flexibility. During Q3, the security operations team detects that projected annual losses from a recurring fraud pattern will reach $2.3 million if left unaddressed, and a specific control's residual risk has drifted 18% above its defined threshold. Which action best aligns with proper governance of risk appetite and tolerance?
Reviewed for accuracy · Report an issueNext question