Which of the following is the MOST important consideration when determining whether to accept residual risk after security controls have been implemented on a critical system?
A. Cost of the information control system.
B. Cost versus benefit of additional mitigating controls.
C. Annualized loss expectancy (ALE) for the system.
D. Frequency of business impact.
A. Cost of the information control system.
B. Cost versus benefit of additional mitigating controls.
C. Annualized loss expectancy (ALE) for the system.
D. Frequency of business impact.