ISC2 Governance, Risk and Compliance (CGRC) Practice Question
While compiling results of a security assessment, the risk executive drafts system risk acceptance criteria that will apply across all business units. According to NIST guidance, with which organizational artifact must those criteria align first?
Service-level objectives defined in the IT operations runbook
The list of open vulnerabilities documented in the most recent POA&M
The enterprise-level risk tolerance and appetite statement approved by senior leadership
Budget allocations for information security projects in the current fiscal year
Risk acceptance criteria describe the level of residual risk the organization is willing to live with before requiring further mitigation. NIST risk management publications state that such criteria must be derived from the enterprise's documented risk appetite and risk tolerance, typically expressed in a senior-leadership-approved statement or policy. This document sets the upper boundary for acceptable risk and therefore drives whether a given level of residual risk can be accepted. Budgetary limits, POA&M vulnerability listings, and IT operations service-level objectives may influence scheduling or prioritization, but none of them establishes the fundamental threshold of what constitutes acceptable risk for the organization.