u/wbee13

I am a little bit confused about this question & I need input, please. The question is specific for when developing an IS strategy. Thinking the ISACA way and most importantly as a manager, one would assume that the logical answer would be B. The possible responses for A and B are out. I was thinking that C is out as well. The only possible answer would be B. The step of being compliant w/ legal and regulatory constrains precedes and sets the bar for the risk response, in this case the decision was to mitigate against that risk. I am a bit confused.

https://preview.redd.it/b5it79vf620h1.png?width=1746&format=png&auto=webp&s=a30fff9dfa0cd8b9bc1bc6cce24b1058a8360b27