CISSP · Question #479
When can a security program be considered effective?
The correct answer is C. Risk is lowered to an acceptable level.. A security program can be considered effective when it lowers the risk to an acceptable level, meaning that the residual risk after implementing security controls is within the risk appetite and tolerance of the organization. Risk is the likelihood and impact of a threat exploiti
Question
Options
- AAudits are rec/party performed and reviewed.
- BVulnerabilities are proactively identified.
- CRisk is lowered to an acceptable level.
- DBadges are regulatory performed and validated
How the community answered
(15 responses)- A7% (1)
- B13% (2)
- C73% (11)
- D7% (1)
Explanation
A security program can be considered effective when it lowers the risk to an acceptable level, meaning that the residual risk after implementing security controls is within the risk appetite and tolerance of the organization. Risk is the likelihood and impact of a threat exploiting a vulnerability, and risk management is the process of identifying, assessing, treating, and monitoring risk. A security program should align with the business objectives and strategy, and provide a framework for implementing, operating, and improving security controls that mitigate
Topics
Community Discussion
No community discussion yet for this question.