Question 15
Main Page
Which of the following most accurately describes a CISO's role in risk ownership?
A. The CISO owns all cybersecurity risks
B. The CISO defines the risk appetite for the board
C. The CISO supports risk analysis but does not own risk
D. The CISO decides which risks are accepted or rejected