🔥 3-day streak
ISACA CISM — Certified Information Security Manager75 / 121
Question 75 of 121

After implementing agreed mitigating controls for a critical customer-facing application, the information security manager reassesses the risk and finds the residual risk still exceeds the organization's documented risk appetite. The business unit insists the application must remain in production to meet revenue targets. What should the information security manager do NEXT?

Reviewed for accuracy · Report an issueNext question