During a risk assessment a company determines their acceptable level of risk. To achieve a desired objective, it is decided that the company can deviate a certain amount from the determined level of risk. This deviation is called what?
|Security Program Management and Oversight
|Threats, Vulnerabilities, and Mitigations
|General Security Concepts