What does an exception in the context of a risk management strategy typically represent within an organization's information security policy?
A method employed to mitigate a identified security risk to an acceptable level.
The ongoing oversight activity to ensure compliance with external regulations.
A documented acknowledgment permitting deviation from a specific security policy for a limited period.
An outline of potential negative events that could impact organizational operations.