CERTIFIED-IN-CYBERSECURITY Question #505: Real Exam Question with Answer & Explanation
The correct answer is A: Risk acceptance.
Question
Choosing NOT to implement the needed security controls is a form of:
Options
- A. Risk acceptance
- B. Risk transference
- C. Risk reduction
- D. Risk mitigation
Explanation
Consciously choosing not to implement required security controls is a form of risk acceptance (see the ISC2 Study Guide, Chapter 1, Module 3). Risk acceptance is a risk management strategy that involves a conscious decision not to take action to reduce or mitigate a risk. This strategy is typically used when the cost of mitigating the risk is greater than the cost of accepting the risk. For example, an organization might decide not to purchase an expensive cyber defense system if its analysis shows that the likely cost of a potential loss would be less. Risk reduction, risk mitigation, and risk transfer are all risk management strategies that involve taking action to reduce or mitigate a risk. Risk reduction involves reducing the likelihood of a risk occurring, while risk mitigation involves reducing the impact of a risk if it does occur. Risk