After assessing and mitigating the risks of a web application, who should decide on the acceptance of residual application risks?
A. Information security officer
B. Chief information officer (CIO)
C. Business owner
D. Chief executive officer (CFO)
Explanation:
The business owner of the application needs to understand and accept the residual application risks.