Establishing the level of acceptable risk is the responsibility of: A、quality assurance management. B、senior business management. C、the chief information officer. D、the chief security officer.