Posted by: Pdfprep
Post Date: January 11, 2021
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs. You have identified potential solutions for all of your risks that do not have security controls.
What is the NEXT step?
A . Create a risk metrics for all unmitigated risks
B . Get approval from the board of directors
C . Verify that the cost of mitigation is less than the risk
D . Screen potential vendor solutions
Answer: C
Leave a Reply