Systems Security Certified Practitioner – SSCP – Question0611

Controls are implemented to:

A.
eliminate risk and reduce the potential for loss
B. mitigate risk and eliminate the potential for loss
C. mitigate risk and reduce the potential for loss
D. eliminate risk and eliminate the potential for loss

Correct Answer: C

Explanation:

Controls are implemented to mitigate risk and reduce the potential for loss. Preventive controls are put in place to inhibit harmful occurrences; detective controls are established to discover harmful occurrences; corrective controls are used to restore systems that are victims of harmful attacks.
It is not feasible and possible to eliminate all risks and the potential for loss as risk/threats are constantly changing. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 32.