nerdexam
(ISC)2

CISSP · Question #398

Which of the following is MOST important when determining appropriate countermeasures for an identified risk?

The correct answer is C. Organizational risk tolerance. The most important factor when determining appropriate countermeasures for an identified risk is the organizational risk tolerance, which is the level of risk that the organization is willing to accept or reject. The risk tolerance reflects the organization's mission, objectives,

Submitted by anna_se· Mar 5, 2026Security and Risk Management

Question

Which of the following is MOST important when determining appropriate countermeasures for an identified risk?

Options

  • AInteraction with existing controls
  • BCost
  • COrganizational risk tolerance
  • DPatch availability

How the community answered

(26 responses)
  • A
    4% (1)
  • B
    4% (1)
  • C
    81% (21)
  • D
    12% (3)

Explanation

The most important factor when determining appropriate countermeasures for an identified risk is the organizational risk tolerance, which is the level of risk that the organization is willing to accept or reject. The risk tolerance reflects the organization's mission, objectives, culture, and values, and influences the selection and implementation of security controls. The risk tolerance also helps to balance the cost and benefit of the countermeasures, as well as the interaction with existing controls and the availability of patches.

Topics

#Risk management#Countermeasures#Risk tolerance#Security controls

Community Discussion

No community discussion yet for this question.

Full CISSP Practice