An organization authorizes system deployment on the network after reducing the number of Category 1 vulnerabilities to zero. Which of the following is this scenario an example of?
Risk tolerance is the correct answer because the organization is defining an acceptable threshold for deployment. The system is allowed onto the network only after Category 1 vulnerabilities are reduced to zero. That means the organization is not saying all risk must be eliminated; it is saying a specific level of risk is unacceptable, while deployment is permitted once the risk falls within the approved threshold. Risk avoidance would mean not deploying the system or eliminating the activity entirely. Risk transference would shift financial or operational risk to another party, such as through insurance or outsourcing. Risk reporting is communication of risk status, not the decision threshold itself. This is a classic example of risk tolerance criteria.