CISSP · Question #896
When determining who can accept the risk associated with a vulnerability, which of the following is the MOST important?
The correct answer is D. Information ownership. When determining who can accept the risk associated with a vulnerability, information ownership is the most important factor. The owner of the information (or system) is responsible for making decisions about the level of risk the organization is willing to accept for that specif
Question
When determining who can accept the risk associated with a vulnerability, which of the following is the MOST important?
Options
- ACountermeasure effectiveness
- BType of potential loss
- CIncident likelihood
- DInformation ownership
How the community answered
(54 responses)- A17% (9)
- B9% (5)
- C4% (2)
- D70% (38)
Explanation
When determining who can accept the risk associated with a vulnerability, information ownership is the most important factor. The owner of the information (or system) is responsible for making decisions about the level of risk the organization is willing to accept for that specific asset. Information ownership involves understanding who is accountable for the security and integrity of the data or system. The information owner has the authority to assess the risks and decide whether to accept, transfer, or mitigate them. This person is ultimately responsible for determining whether the potential consequences of a risk are acceptable in relation to business goals, operational needs, or budget constraints.
Topics
Community Discussion
No community discussion yet for this question.