Paul has just completed identifying and assessing risk, reduced it to an acceptable level, and implemented the right mechanisms to maintain that level. What did Paul just do?
Explanation
Answer: B - The completion of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to maintain that level is information risk management. Threats must be identified, classified by category, and evaluated to calculate their damage potential to the company. Real risk is hard to measure, but prioritizing the potential risks in the order of which ones must be addressed first is possible. Major risk categories include: physical damage, human interaction, equipment malfunction, inside and outside attacks, misuse of data, loss of data, and application error.
