A. before and after completing the risk treatment plan.
B. throughout the risk treatment planning process.
C. following changes to the business's environment.
A. adhere to local data protection laws.
B. manage risk to acceptable tolerance levels.
C. avoid the risk of regulatory noncompliance.
A. Real and relevant potential risk events
B. Previously materialized risk events impacting competitors
C. Risk events that affect both financial and strategic objectives
A. Enterprise risk management strategy
B. Associated business functions or services
C. Industry best practices
A. be a direct measure of risk for each business line.
B. measure current risk levels in comparison to past levels.
C. alert there is an increased chance of exceeding risk appetite.
A. To determine the best course of action based on the threat and potential impact
B. To improve the knowledge of deficient control conditions within IT systems
C. To reduce the amount of effort to identify and catalog new vulnerabilities