🔥 3-day streak
ISC2 CISSP — Certified Information Systems Security Professional93 / 129
Question 93 of 129
A security team identifies a residual risk in a legacy application that cannot be cost-effectively remediated before a critical product launch. The estimated impact is within the organization's documented risk appetite, and no compensating control is feasible in the timeframe. According to sound risk management practice, what is the MOST appropriate next step?
Reviewed for accuracy · Report an issueNext question