Which of the following would be of GREATEST importance to the security manager in determining whether to accept residual risk?

Posted by: Pdfprep | Category: CISM

Which of the following would be of GREATEST importance to the security manager in determining whether to accept residual risk?
A. Historical cost of the asset
B. Acceptable level of potential business impacts
C. Cost versus benefit of additional mitigating controls
D. Annualized loss expectancy (ALE)

Answer: C

Explanation:

The security manager would be most concerned with whether additional controls would reduce residual risk by a greater amount than they cost. The other choices, although relevant, would not be as important.
