
CISSP Question #984: Real Exam Question with Answer & Explanation

The correct answer is A: Risk tolerance.

Submitted by packet_pusher · Mar 5, 2026 · Software Development Security

Question

The Open Web Application Security Project's (OWASP) Software Assurance Maturity Model (SAMM) allows organizations to implement a flexible software security strategy to measure organizational impact based on what risk management aspect?

Options

  • A. Risk tolerance
  • B. Risk exception
  • C. Risk treatment
  • D. Risk response

Explanation

The OWASP SAMM allows organizations to implement a flexible software security strategy to measure organizational impact based on risk tolerance. Risk tolerance is the level of risk that an organization is willing to accept or endure in pursuit of its objectives. The OWASP SAMM helps organizations to define their risk tolerance level and align their software security activities accordingly. Risk exception is the process of granting a temporary or permanent deviation from a security policy or requirement. Risk treatment is the process of selecting and implementing appropriate measures to modify the risk. Risk response is the process of taking actions to address the risk, such as avoiding, transferring, mitigating, or accepting the risk.

Topics

#OWASP SAMM · #software security · #risk management · #risk tolerance
