Question 393:
The decision as to whether a risk has been reduced to an acceptable level should be determined by:
Answer options:
A. organizational requirements. B. information systems requirements. C. information security requirements. D. international standards.