Establishing the level of acceptable risk is the responsibility of:
A. quality assurance management.
B. senior business management.
C. the chief information officer.
D. the chief security officer.
Explanation:
Senior management should establish the acceptable risk level, since they have the ultimate or final responsibility for the effective and efficient operation of the organization. Choices A, C and D should act as advisors to senior management in determining an acceptable risk level.