🔥 3-day streak
ISACA CISM — Certified Information Security Manager76 / 121
Question 76 of 121
A business unit manager wants to continue using a legacy application that cannot support multi-factor authentication. The information security manager has documented that this creates a risk exceeding the organization's defined risk appetite. The manager insists the application is critical to revenue and asks the security team to simply accept the risk. What is the MOST appropriate action for the information security manager?
Reviewed for accuracy · Report an issueNext question