nerdexam
(ISC)2

CISSP · Question #896

When determining who can accept the risk associated with a vulnerability, which of the following is the MOST important?

The correct answer is D. Information ownership. When determining who can accept the risk associated with a vulnerability, information ownership is the most important factor. The owner of the information (or system) is responsible for making decisions about the level of risk the organization is willing to accept for that specif

Submitted by thandi_sa· Mar 5, 2026Security and Risk Management

Question

When determining who can accept the risk associated with a vulnerability, which of the following is the MOST important?

Options

  • ACountermeasure effectiveness
  • BType of potential loss
  • CIncident likelihood
  • DInformation ownership

How the community answered

(54 responses)
  • A
    17% (9)
  • B
    9% (5)
  • C
    4% (2)
  • D
    70% (38)

Explanation

When determining who can accept the risk associated with a vulnerability, information ownership is the most important factor. The owner of the information (or system) is responsible for making decisions about the level of risk the organization is willing to accept for that specific asset. Information ownership involves understanding who is accountable for the security and integrity of the data or system. The information owner has the authority to assess the risks and decide whether to accept, transfer, or mitigate them. This person is ultimately responsible for determining whether the potential consequences of a risk are acceptable in relation to business goals, operational needs, or budget constraints.

Topics

#Risk acceptance#Information ownership#Vulnerability management

Community Discussion

No community discussion yet for this question.

Full CISSP Practice