CISSP · Question #398
Which of the following is MOST important when determining appropriate countermeasures for an identified risk?
The correct answer is C. Organizational risk tolerance. The most important factor when determining appropriate countermeasures for an identified risk is the organizational risk tolerance, which is the level of risk that the organization is willing to accept or reject. The risk tolerance reflects the organization's mission, objectives,
Question
Which of the following is MOST important when determining appropriate countermeasures for an identified risk?
Options
- AInteraction with existing controls
- BCost
- COrganizational risk tolerance
- DPatch availability
How the community answered
(26 responses)- A4% (1)
- B4% (1)
- C81% (21)
- D12% (3)
Explanation
The most important factor when determining appropriate countermeasures for an identified risk is the organizational risk tolerance, which is the level of risk that the organization is willing to accept or reject. The risk tolerance reflects the organization's mission, objectives, culture, and values, and influences the selection and implementation of security controls. The risk tolerance also helps to balance the cost and benefit of the countermeasures, as well as the interaction with existing controls and the availability of patches.
Topics
Community Discussion
No community discussion yet for this question.