Certified Chief Information Security Officer (CCISO) — Question 169
The amount of risk an organization is willing to accept in pursuit of its mission is known as ______________.
Answer options
- A. risk transfer
- B. risk mitigation
- C. risk acceptance
- D. risk tolerance
Correct answer: D
Explanation
The correct answer is risk tolerance, which defines the threshold of risk an organization is willing to bear. Risk transfer involves shifting the risk to another party, risk mitigation focuses on reducing risk, and risk acceptance means acknowledging the risk but does not define the level of risk the organization is willing to take.