Mitigating technology risk to acceptable levels means that the organization implements and maintains appropriate controls to reduce the likelihood and impact of potential threats or losses that may arise from the use of technology, such as IT systems, applications, networks, devices, etc.
The primary factor that should guide the mitigation of technology risk is the organizational risk appetite. This means that the organization defines and communicates the amount and type of risk that it is willing to accept or pursue in order to achieve its objectives and strategy.
The organizational risk appetite helps to determine the risk tolerance and thresholds for different risk categories and scenarios, prioritize the risks, select the most suitable risk responses, allocate the resources and budget for risk management, and monitor and report the risk performance and outcomes.
The other options are not the primary factors that should guide the mitigation of technology risk. They are either secondary or not essential for risk management.
The references for this answer are:
Risk IT Framework, page 25
Information Technology & Security, page 19
Risk Scenarios Starter Pack, page 17
Submit