Posted by: Pdfprep
Post Date: November 20, 2020
An information security manager is analyzing a risk that is believed to be severe, but lacks numerical evidence to determine the impact the risk could have on the organization.
In this case the information security manager should:
A . use a qualitative method to assess the risk.
B . use a quantitative method to assess the risk.
C . put it in the priority list in order to gain time to collect more data.
D . ask management to increase staff in order to collect more evidence on severity.
Answer: A
Leave a Reply