CISM Certified Information Security Manager – Question0306
Which of the following is the MOST effective way to treat a risk such as a natural disaster that has a low probability and a high impact level? A. Implement countermeasures. B. Eliminate the risk. C. Transfer the risk. D. Accept the risk.
Correct Answer: C
Explanation:
Explanation:
Risks are typically transferred to insurance companies when the probability of an incident is low but the impact is high. Examples include: hurricanes, tornados and earthquakes. Implementing countermeasures may not be the most cost-effective approach to security management. Eliminating the risk may not be possible. Accepting the risk would leave the organization vulnerable to a catastrophic disaster which may cripple or ruin the organization. It would be more cost effective to pay recurring insurance costs than to be affected by a disaster from which the organization cannot financially recover.
Please disable your adblocker or whitelist this site!