An organization's marketing department wants to use an online collaboration service which is not in compliance with the information security policy.
A risk assessment is performed, and risk acceptance is being pursued.
Approval of risk acceptance should be provided by:
A. B. C. D.

Correct answer: B.
When an organization's marketing department wants to use an online collaboration service that is not in compliance with the information security policy, a risk assessment should be performed to determine the potential risks and threats that the service might pose to the organization's information security. Based on the results of the risk assessment, the organization can decide whether to accept or mitigate the risk.
Risk acceptance means that the organization is willing to tolerate the potential risk and will not take any action to mitigate it. However, the decision to accept the risk should be approved by the appropriate authority within the organization.
In this scenario, the approval of risk acceptance should be provided by the business senior management. This is because business senior management has the overall responsibility for the organization's operations, including the management of risks. They are responsible for ensuring that the organization's operations are aligned with the organization's strategic objectives and for making decisions that support the organization's long-term success.
While the information security manager, chief risk officer, and compliance officer are also involved in managing risks within the organization, they are not the appropriate authority to approve the acceptance of risks related to the marketing department's use of an online collaboration service. They may provide input and advice to business senior management, but the ultimate decision lies with business senior management.