The output of the risk management process is an input for making:

A. business plans.

B. audit charters.

C. security policy decisions.

D. software design decisions.

Explanation:

The risk management process is about making specific, security-related decisions, such as the level of acceptable risk. Choices A, B and D are not ultimate goals of the risk management process.