Question 53
The CISO is revising the enterprise’s risk policy. Which element must be clearly included?
A. Executive compensation
B. IT ticketing procedures
C. Risk appetite and tolerance definitions
D. Vendor invoice approval
Answer: C. Risk appetite and tolerance definitions
These definitions are foundational to any risk policy: they establish acceptable levels of risk and support consistent decisions.