Certified Information Systems Security Professional – CISSP – Question353

What information will BEST assist security and financial analysts in determining if a security control is cost effective to mitigate a vulnerability?

A.
Annualized Loss Expectancy (ALE) and the cost of the control
B. Single Loss Expectancy (SLE) and the cost of the control
C. Annual Rate of Occurrence (ARO) and the cost of the control
D. Exposure Factor (EF) and the cost of the control

Correct Answer: D