1. A security team is implementing various security controls across the organization. After several configurations and applications, a final agreed-on set of security controls are put into place; however, not all risks are mitigated by the controls. Of the following, which is the next best step?
A. Continue applying controls until all risk is eliminated.
B. Ignore any remaining risk as “best effort controlled.”
C. Ensure that any remaining risk is residual or low and accept the risk.
D. Remove all controls.
C. Remember at the beginning of this ...