27d • 🙋♂️ CISSP
CISSP Practice Question (Domain 1: Security and Risk Management)
Your board approves a risk appetite statement allowing moderate risk for innovation initiatives. Six months later, a business unit launches an AI product that processes health data without a privacy impact assessment. The unit claims it falls within approved risk appetite.
What is the PRIMARY concern?
A. The AI product lacks sufficient technical security controls
B. Risk appetite does not override mandatory regulatory compliance obligations
C. The business unit failed to obtain CISO approval before launch
D. The risk appetite statement needs to be revised to exclude AI initiatives
Come back for the answer tomorrow, or study more now!
2
28 comments
CISSP Practice Question (Domain 1: Security and Risk Management)
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!
Leaderboard (30-day)
1
+46
2
+30
3
+29
4
+29
5
+28
Powered by