CRISC Certified in Risk and Information Systems Control – Question 201

To what level should risk be reduced to accomplish the objective of risk management?

A. To a level where ALE is lower than SLE
B. To a level where ARO equals SLE
C. To a level that an organization can accept
D. To a level that an organization can mitigate

Correct Answer: C

Explanation:

The main objective of risk management is to reduce risk to a level that the organization or company will accept, as the risk can never be completely eliminated.
Incorrect Answers:
A, B: No such concepts exist for manipulating the risk level.
D: Risk mitigation involves identification, planning, and conduct of actions for reducing risk. Because the elimination of all risk is usually impractical or close to impossible, it is aimed at reducing risk to an acceptable level with minimal adverse impact on the organization’s resources and mission.