Watch this video on YouTube
In a scenario where your organization's residual risk for a particular business procedure is found to be below the accepted risk threshold, what should be your main focus as an Information Security Manager?