Certified Chief Information Security Officer (CCISO) — Question 106
An organization has a stated requirement to block certain traffic on networks. The implementation of controls will disrupt a manufacturing process and cause unacceptable delays, resulting in severe revenue disruptions.
Which of the following is MOST likely to be responsible for accepting the risk until mitigating controls can be implemented?
Answer options
- A. Audit and Compliance
- B. The CFO
- C. The CISO
- D. The business owner
Correct answer: D
Explanation
The business owner is typically responsible for the operational aspects and decisions related to the business process, including risk acceptance until controls can be put in place. While the CFO, CISO, and Audit and Compliance play vital roles in governance and oversight, they do not directly manage the day-to-day operations that would be impacted by the risk in question.