The output of the risk management process is an input for making:
A. business plans.
B. audit charters.
C. security policy decisions.
D. software design decisions.
Explanation:
The risk management process is about making specific, security-related decisions, such as the level of acceptable risk. Choices A, B and D are not ultimate goals of the risk management process.