4 votes
A risk assessment and business impact analysis (BIA) have been completed for a major proposed purchase and a new process for an organization. There is a disagreement between the information security manager and the business department manager who will be responsible for evaluating the results and identified risk. Which of the following would be the BEST approach for the information security manager?

a. Acceptance of the business manager’s decision on the risk to the corporation
b. Acceptance of the information security manager’s decision on the risk to the corporation
c. Review of the risk assessment with executive management for final input
d. Create a new risk assessment and BIA to resolve the disagreement

1 Answer

2 votes

Answer:

C. Review of the risk assessment with executive management for final input.

Step-by-step explanation:

The best approach for the information security manager would be to do a review of the risk assessment with executive management for final input.

Hence, it is necessary that executive management be in support of the process, have a clear understanding of the results, and be in agreement with them, considering the fact that risk management decisions can have a huge financial impact with major changes.

Also, since there is a disagreement between the information security manager and the business department manager because they have differing perspectives on risk management, it is important that the review is done with the executive management team.

by User ZillGate (7.0k points)