Certified in Risk and Information Systems Control (CRISC) — Question 655

An organization has agreed to a 99% availability for its online services and will not accept availability that falls below 98.5%. This is an example of:

Answer options

• A. risk mitigation.
• B. risk appetite.
• C. risk evaluation.
• D. risk tolerance.

Correct answer: B

Explanation

The correct answer is B, risk appetite, as it defines the level of risk the organization is willing to accept regarding service availability. The other options do not apply here: risk mitigation involves strategies to reduce risk, risk evaluation is the assessment of risk, and risk tolerance refers to the acceptable level of variance from the risk appetite, which in this scenario has already been defined.