SSCP Question #404: Real Exam Question with Answer & Explanation
The correct answer is A: Risk Acceptance.
Question
A deviation from an organization-wide security policy requires which of the following?
Options
- A. Risk Acceptance
- B. Risk Assignment
- C. Risk Reduction
- D. Risk Containment
Explanation
When a system or process cannot comply with the organization-wide security policy, management must formally acknowledge the deviation and accept the residual risk it creates. This is Risk Acceptance: an explicit, documented decision, signed off by an authority who understands the exposure, to live with the risk as it stands rather than treat it. In practice the deviation is recorded as a policy exception that names the risk owner, the business justification, any compensating controls, and an expiry or review date, so that the acceptance is revisited rather than becoming permanent by default. The other options all involve acting on the risk instead of accepting it as-is: Risk Assignment (also called risk transference) shifts the risk to a third party such as an insurer or outsourcer; Risk Reduction (mitigation) implements controls to lower likelihood or impact; Risk Containment limits the scope of the risk so that a realized event affects less. None of those is what a policy deviation by itself requires; what it requires is that someone with the authority to do so accepts the resulting risk.