Question 190
Main Page
A key risk treatment was not implemented. What’s the CISO’s responsibility?
A. Ignore and move on
B. Document the deviation and escalate to risk committee
C. Remove it from the risk register
D. Cancel the mitigation plan
Show Answer