CISM Certified Information Security Manager – Question0415
When residual risk is minimized: A. acceptable risk is probable. B. transferred risk is acceptable. C. control risk is reduced. D. risk is transferable.
Correct Answer: A
Explanation:
Explanation:
Since residual risk is the risk that remains after putting into place an effective risk management program, it is probable that the organization will decide that it is an acceptable risk if sufficiently minimized. Transferred risk is risk that has been assumed by a third party, therefore its magnitude is not relevant. Accordingly, choices B and D are incorrect since transferred risk does not necessarily indicate whether risk is at an acceptable level. Minimizing residual risk will not reduce control risk.
Please disable your adblocker or whitelist this site!