What is the prime directive of Risk Management?
A.
Reduce all risks regardless of cost.
B.
Transfer any risk to external third parties.
C.
Reduce the risk to a tolerable level.
D.
Prosecute any employees that are violating published security policies.
Explanation:
The correct answer is “Reduce the risk to a tolerable level. Risk can never be eliminated, and Risk
Management must find the level of risk the organization can tolerate
and still function effectively.