Which of the following should be determined while defining risk management strategies?
Organizational objectives and risk tolerance
Enterprise disaster recovery plans
Risk assessment criteria
IT architecture complexity
Correct answer: A
Question 2
A security manager regularly checks work areas after business hours for security violations; such as unsecured files or unattended computers with active sessions.
This activity BEST demonstrates what part of a security program?