Risk appetiterefers to thelevel of risk an organization is willing to acceptbefore implementing security measures. When expanding access controls, the company must assess how much risk is acceptable in terms ofdata exposure, unauthorized access, and compliance obligations. Reference:CompTIA Security+ SY0-701 Official Study Guide, Risk Management domain.